Python.org Certificate Parsing Denial-Of-Service

upnorth (Moderator, Staff Member)
Jul 27, 2015
Python.org contains an exploitable denial-of-service vulnerability in its X509 certificate parser.

A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. Python can crash if getpeercert() is called on a TLS connection that uses a certificate with an invalid DistributionPoint in its extension. In accordance with our coordinated disclosure policy, Cisco Talos worked with Python to ensure that these issues are resolved and that an update is available for affected customers.

A denial-of-service vulnerability exists on Python.org in its X509 certificate parser. An attacker could exploit this bug by delivering a specially crafted X509 certificate to Python.org. Python assumes a valid distpoint, and if the certificate contains a crafted DistributionPoint with both a blank distributionPoint and cRLIssuer, it could cause a NULL pointer dereference, leading to a denial of service.
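As an added illustration (not part of the original post, and not Python's own ssl code), the stdlib-only DER walk below inspects the raw value of a CRLDistributionPoints extension and flags any DistributionPoint that carries cRLIssuer without a distributionPoint, which is the shape the post describes; the sample extension bytes are constructed here for the demonstration.

```python
# Minimal DER TLV walker for a CRLDistributionPoints extension value
# (the contents of the extnValue OCTET STRING). Constructed example.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at buf[pos]."""
    tag = buf[pos]
    if (tag & 0x1F) == 0x1F:
        raise ValueError("multi-byte tags are not handled in this example")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:end], end

def iter_tlvs(buf):
    """Yield (tag, value) for each TLV in a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def audit_crl_distribution_points(ext_value):
    """Describe each DistributionPoint; 'suspicious' marks cRLIssuer-only entries."""
    outer_tag, body, end = read_tlv(ext_value, 0)
    if outer_tag != 0x30 or end != len(ext_value):
        raise ValueError("extension value is not a single SEQUENCE")
    findings = []
    for idx, (tag, dp_body) in enumerate(iter_tlvs(body)):
        if tag != 0x30:
            raise ValueError(f"DistributionPoint #{idx} is not a SEQUENCE")
        # context-specific tag numbers present: [0] distributionPoint, [1] reasons, [2] cRLIssuer
        present = {t & 0x1F for t, _ in iter_tlvs(dp_body) if (t & 0xC0) == 0x80}
        findings.append({"index": idx,
                         "has_distribution_point": 0 in present,
                         "has_crl_issuer": 2 in present,
                         "suspicious": 2 in present and 0 not in present})
    return findings

def suspicious_indexes(ext_value):
    return [f["index"] for f in audit_crl_distribution_points(ext_value) if f["suspicious"]]

# Constructed sample: one ordinary DP (fullName URI) followed by one DP holding only cRLIssuer.
GOOD_DP = bytes.fromhex("3012a010a00e860c" + "http://x/crl".encode().hex())
CRAFTED_DP = bytes.fromhex("3008a2068104" + "ca@x".encode().hex())
SAMPLE_EXT = bytes([0x30, len(GOOD_DP) + len(CRAFTED_DP)]) + GOOD_DP + CRAFTED_DP
```

The extension value can be pulled from a DER certificate with any ASN.1 library before the certificate is handed to code that assumes every DistributionPoint has a distributionPoint.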
