CVE-2019-5010

Published: 31/10/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406)

Vulnerable Product

python python

opensuse leap 15.1

debian debian linux 9.0

redhat enterprise linux 8.0

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux server tus 8.2

redhat enterprise linux server aus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux eus 8.4

redhat enterprise linux server aus 8.4

redhat enterprise linux server aus 8.6

redhat enterprise linux server tus 8.6

redhat enterprise linux eus 8.6

Vendor Advisories

Synopsis: Moderate: python security and bug fix update | Type/Severity: Security Advisory: Moderate | Topic: An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Moderate: rh-python36-python security, bug fix, and enhancement update | Type/Severity: Security Advisory: Moderate | Topic: An update for rh-python36-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common ...
Synopsis: Moderate: python3 security and bug fix update | Type/Severity: Security Advisory: Moderate | Topic: An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ba ...
Debian Bug report logs - #921040 python27: CVE-2019-5010: NULL pointer dereference using a specially crafted X509 certificate Package: python27; Maintainer for python27 is Matthias Klose <doko@debianorg>; Source for python27 is src:python27 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> ...
Debian Bug report logs - #921039 CVE-2018-14647 Package: python27; Maintainer for python27 is Matthias Klose <doko@debianorg>; Source for python27 is src:python27 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 31 Jan 2019 23:36:02 UTC Severity: grave Tags: security, upstream ...
Several security issues were fixed in Python ...
A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if an application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate au ...
Impact: Moderate | Public Date: 2019-01-15 | CWE: CWE-476 | Bugzilla: 1666519: CVE-2019-5010 python: NULL poi ...

Github Repositories

CVE-2019-5010 Exploit PoC - Python Denial of Service via Malformed X.509v3 Extension

CVE-2019-5010
Author: Jonathan M Wilbur <jonathan@wilburspace> | Copyright Year: 2019 | License: MIT License

How to use
Install all dependencies by running npm install
Compile the project using npm run build
Run node /dist/indexjs to create the evil certificate in /dist/cve-2019-5010-certpem
Bring up the victim container with docker-compose up
This is ho