An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Python | Python | 2.7.0 (including) | 2.7.16 (excluding) |
Python | Python | 3.4.0 (including) | 3.4.10 (excluding) |
Python | Python | 3.5.0 (including) | 3.5.7 (excluding) |
Python | Python | 3.6.0 (including) | 3.6.9 (excluding) |
Python | Python | 3.7.0 (including) | 3.7.3 (excluding) |