CVE-2020-15523

Published: Jul 4, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.

Affected (16)

Products: Python: Python · Netapp: Snapcenter

1 product

1 product

Configuration A

15 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Python Python	From 3.5.0 to 3.5.10
Python Python	From 3.6.0 to 3.6.12
Python Python	From 3.7.0 to 3.7.9
Python Python	From 3.8.0 to 3.8.4
Python Python	Version 3.8.4 rc1
Python Python	Version 3.9.0 alpha1
Python Python	Version 3.9.0 alpha2
Python Python	Version 3.9.0 alpha3
Python Python	Version 3.9.0 alpha4
Python Python	Version 3.9.0 alpha5
Python Python	Version 3.9.0 alpha6
Python Python	Version 3.9.0 beta1
Python Python	Version 3.9.0 beta2
Python Python	Version 3.9.0 beta3
Python Python	Version 3.9.0 beta4