Bug 1666519 (CVE-2019-5010) - CVE-2019-5010 python: NULL pointer dereference using a specially crafted X509 certificate
Summary: CVE-2019-5010 python: NULL pointer dereference using a specially crafted X509...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-5010
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1666520 1666521 1666522 1666523 1666524 1666525 1666526 1666527 1666788 1666789 1666790 1666791 1666792 1666793 1709396
Blocks: 1666528
TreeView+ depends on / blocked
 
Reported: 2019-01-15 21:54 UTC by Laura Pardo
Modified: 2020-01-30 19:59 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.
Clone Of:
Environment:
Last Closed: 2019-08-06 13:21:32 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:2030 None None None 2019-08-06 12:04:50 UTC
Red Hat Product Errata RHSA-2019:3520 None None None 2019-11-05 21:06:40 UTC
Red Hat Product Errata RHSA-2019:3725 None None None 2019-11-06 09:45:22 UTC

Description Laura Pardo 2019-01-15 21:54:56 UTC
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.


References:
https://bugs.python.org/issue35746

Upstream Patch:
https://github.com/python/cpython/pull/11569

Comment 1 Laura Pardo 2019-01-15 21:55:50 UTC
Created python3 tracking bugs for this issue:

Affects: fedora-all [bug 1666522]


Created python33 tracking bugs for this issue:

Affects: fedora-28 [bug 1666524]


Created python34 tracking bugs for this issue:

Affects: epel-all [bug 1666526]
Affects: fedora-all [bug 1666525]


Created python35 tracking bugs for this issue:

Affects: fedora-all [bug 1666527]


Created python36 tracking bugs for this issue:

Affects: epel-7 [bug 1666523]
Affects: fedora-29 [bug 1666520]


Created python37 tracking bugs for this issue:

Affects: fedora-28 [bug 1666521]

Comment 4 Adam Mariš 2019-01-25 15:27:14 UTC
Statement:

This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6.

Comment 5 Adam Mariš 2019-01-25 15:27:15 UTC
External References:

https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html

Comment 6 errata-xmlrpc 2019-08-06 12:04:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:2030

Comment 7 Product Security DevOps Team 2019-08-06 13:21:32 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-5010

Comment 8 errata-xmlrpc 2019-11-05 21:06:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3520 https://access.redhat.com/errata/RHSA-2019:3520

Comment 9 errata-xmlrpc 2019-11-06 09:45:20 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3725


Note You need to log in before you can comment on or make changes to this bug.