← Back

CVE-2018-1000117

nvd nist
Published: Mar 7, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

Affected (8)

Products: Python: Python
Python
1 product
Python
Configuration A
8 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Python
Python
From 3.2.0 to 3.4.9
Python
From 3.5.0 to 3.5.6
Python
From 3.6.0 to 3.6.5
Python
Version 3.7.0 beta1
Python
Version 3.7.0 beta2
Python
Version 3.7.0 beta3
Python
Version 3.7.0 beta4
Python
Version 3.7.0 beta5
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

Source: cve@mitre.org
Issue TrackingPatchThird Party Advisory
Source: cve@mitre.org
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory

Timeline

No history available yet.