CVE-2019-5010

Published: 18 January 2019

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
python2.7
Upstream: Released (2.7.16)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (2.7.16-2)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (2.7.16-2)
Ubuntu 18.04 LTS (Bionic Beaver): Released (2.7.15-4ubuntu4~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus): Released (2.7.12-1ubuntu0~16.04.8)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (code not present)
Patches:
Upstream: https://github.com/python/cpython/commit/06b15424b0dcacb1c551b2a36e739fffa8d0c595

python3.4
Upstream: Needs triage
Ubuntu 21.04 (Hirsute Hippo): Does not exist
Ubuntu 20.04 LTS (Focal Fossa): Does not exist
Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
Ubuntu 14.04 ESM (Trusty Tahr): Released (3.4.3-1ubuntu1~14.04.7+esm2)
Patches:
Upstream: https://github.com/python/cpython/commit/6c655ce34ae54adb8eef22b73108e22cc381cb8d

python3.5
Upstream: Needs triage
Ubuntu 21.04 (Hirsute Hippo): Does not exist
Ubuntu 20.04 LTS (Focal Fossa): Does not exist
Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
Ubuntu 16.04 ESM (Xenial Xerus): Released (3.5.2-2ubuntu0~16.04.8)
Ubuntu 14.04 ESM (Trusty Tahr): Needed
Patches:
Upstream: https://github.com/python/cpython/commit/efec7631edf3b9480dc3988c97ffef94df8800da

python3.6
Upstream: Needs triage
Ubuntu 21.04 (Hirsute Hippo): Does not exist
Ubuntu 20.04 LTS (Focal Fossa): Does not exist
Ubuntu 18.04 LTS (Bionic Beaver): Released (3.6.8-1~18.04.2)
Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
Patches:
Upstream: https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a

python3.7
Upstream: Released (3.7.2-2)
Ubuntu 21.04 (Hirsute Hippo): Does not exist
Ubuntu 20.04 LTS (Focal Fossa): Does not exist
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (3.7.3~rc1-1)
Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
Patches:
Upstream: https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031