{
  "threat_severity" : "Moderate",
  "public_date" : "2019-01-15T00:00:00Z",
  "bugzilla" : {
    "description" : "python: NULL pointer dereference using a specially crafted X509 certificate",
    "id" : "1666519",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1666519"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", "A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities." ],
  "statement" : "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7",
    "release_date" : "2020-02-18T00:00:00Z",
    "advisory" : "RHBA-2020:0547",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7",
    "package" : "ansible-tower-34/ansible-tower-memcached:1.4.15-28"
  }, {
    "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7",
    "release_date" : "2020-02-18T00:00:00Z",
    "advisory" : "RHBA-2020:0547",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7",
    "package" : "ansible-tower-35/ansible-tower-memcached:1.4.15-28"
  }, {
    "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7",
    "release_date" : "2020-02-18T00:00:00Z",
    "advisory" : "RHBA-2020:0547",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7",
    "package" : "ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-06T00:00:00Z",
    "advisory" : "RHSA-2019:2030",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "python-0:2.7.5-86.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-11-05T00:00:00Z",
    "advisory" : "RHSA-2019:3520",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python3-0:3.6.8-15.1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-11-05T00:00:00Z",
    "advisory" : "RHSA-2019:3520",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "python3-0:3.6.8-15.1.el8"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6",
    "release_date" : "2019-11-06T00:00:00Z",
    "advisory" : "RHSA-2019:3725",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6",
    "package" : "rh-python36-python-0:3.6.9-2.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2019-11-06T00:00:00Z",
    "advisory" : "RHSA-2019:3725",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-python36-python-0:3.6.9-2.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
    "release_date" : "2019-11-06T00:00:00Z",
    "advisory" : "RHSA-2019:3725",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-python36-python-0:3.6.9-2.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2019-11-06T00:00:00Z",
    "advisory" : "RHSA-2019:3725",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-python36-python-0:3.6.9-2.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS",
    "release_date" : "2019-11-06T00:00:00Z",
    "advisory" : "RHSA-2019:3725",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-python36-python-0:3.6.9-2.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python36:3.6/python36",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "rh-python35-python",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-5010\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5010\nhttps://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html" ],
  "name" : "CVE-2019-5010",
  "csaw" : false
}