Описание
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.
Отчет
This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | python | Not affected | ||
| Red Hat Enterprise Linux 6 | python | Not affected | ||
| Red Hat Enterprise Linux 8 | python36:3.6/python36 | Not affected | ||
| Red Hat Software Collections | rh-python35-python | Will not fix | ||
| Red Hat Ansible Tower 3.4 for RHEL 7 | ansible-tower-34/ansible-tower-memcached | Fixed | RHBA-2020:0547 | 18.02.2020 |
| Red Hat Ansible Tower 3.4 for RHEL 7 | ansible-tower-35/ansible-tower-memcached | Fixed | RHBA-2020:0547 | 18.02.2020 |
| Red Hat Ansible Tower 3.4 for RHEL 7 | ansible-tower-37/ansible-tower-memcached-rhel7 | Fixed | RHBA-2020:0547 | 18.02.2020 |
| Red Hat Enterprise Linux 7 | python | Fixed | RHSA-2019:2030 | 06.08.2019 |
| Red Hat Enterprise Linux 8 | python3 | Fixed | RHSA-2019:3520 | 05.11.2019 |
| Red Hat Enterprise Linux 8 | python3 | Fixed | RHSA-2019:3520 | 05.11.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
An exploitable denial-of-service vulnerability exists in the X509 cert ...
EPSS
7.5 High
CVSS3