#VU17805 NULL pointer dereference in Python


Published: 2020-04-07

Vulnerability identifier: #VU17805

Vulnerability risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-5010

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Python
Universal components / Libraries / Scripting languages

Vendor: Python.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the X509 certificate parser of the affected software improperly handles X509 certificates with a certificate extension that uses a Certificate Revocation List (CRL) distribution point with empty distributionPoint and cRLIssuer fields. A remote attacker can send a request to initiate a Transport Layer Security (TLS) connection using an X509 certificate that submits malicious input, trigger a NULL pointer dereference condition that causes the application to crash, resulting in a DoS condition.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Python: 3.8, 3.4 - 3.4.8, 3.3.4, 3.5 - 3.5.5, 3.6 - 3.6.5, 3.7

External links
http://bugs.python.org/issue35746

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)
Multiple vulnerabilities in Dell EMC Unity Family
Gentoo update for Python
Red Hat update for rh-python36-python
Red Hat update for python3
Red Hat update for python
Amazon Linux AMI update for python27, python34, python35, python36
OpenSUSE Linux update for python
Slackware Linux update for python
OpenSUSE Linux update for python