CVE-2019-5010: TALOS-2018-0758 SSL CRL distribution points Denial of Service
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
This resolves CVE-2019-5010.
Patch by Christian Heimes.
- Disclosure date: 2019-01-15 (Python issue bpo-35746 reported)
- Reported at: 2019-01-15
- Reported by: Colin Read and Nicolas Edet of Cisco.
- Python 2.7
- Python 3.4
- Python 3.5
- Python 3.6
- Python 3.7
[ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service.
- Python issue: bpo-35746
- Creation date: 2019-01-15
- Reporter: Cisco Talos
Timeline using the disclosure date 2019-01-15 as reference:
- 2019-01-15: Disclosure date (Python issue bpo-35746 reported)
- 2019-01-15 (+0 days): Reported
- 2019-01-15 (+0 days): Python issue bpo-35746 reported by Cisco Talos
- 2019-01-15 (+0 days): commit 06b1542 (branch 2.7)
- 2019-01-15 (+0 days): commit a37f524 (branch 3.8)
- 2019-01-15 (+0 days): commit be5de95 (branch 3.7)
- 2019-01-16 (+1 days): commit 216a4d8 (branch 3.6)