CVE-2019-5010
HIGHPython 2.7.0-2.7.15 - Denial of Service via X509 Certificate NULL Pointer Dereference
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2019-5010. PoCs published by JonathanWilbur.
AI-analyzed exploit summary This repository contains a PoC for CVE-2019-5010, which exploits a vulnerability in Python's ssl module. The exploit generates a malicious certificate that causes a crash (DoS) when processed by the vulnerable module.
Description
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
Exploits (1)
This repository contains a PoC for CVE-2019-5010, which exploits a vulnerability in Python's ssl module. The exploit generates a malicious certificate that causes a crash (DoS) when processed by the vulnerable module.
References (8)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H