Intrusion Prevention

Python.SSL.X.509.DistributionPoint.NULL.Pointer.Dereference.DoS

Description

This indicates an attack attempt to exploit a Null Pointer Dereference Vulnerability in Python SSL.
Remote attackers could exploit the vulnerability in server programs by sending a malicious client certificate, and in client programs by sending a malicious server certificate as part of the TLS handshake. In a successful attack, the attacker can cause a denial-of-service condition.

Affected Products

Python Software Foundation Python 2.7
Python Software Foundation Python 3.x

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Refer to the vendor supplied advisory for updates:
https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html

CVE References

CVE-2019-5010