Описание
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchVendor Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
6.7 Medium
CVSS3
7.2 High
CVSS2
Дефекты
Связанные уязвимости
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.
Python Software Foundation CPython version From 3.2 until 3.6.4 on Win ...
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.
EPSS
6.7 Medium
CVSS3
7.2 High
CVSS2