CVE-2018-1000117

Published: 3/7/2018 Last updated: 9/17/2024 Reserved: 3/7/2018

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (7)

conf-python-2-7 conf-python-2-7-dev conf-python-3 conf-python-3-7 conf-python-3-dev py termbox

Products affected (1)

Product	Vendor	Version
n/a	n/a	<= *

References (8)

https://github.com/python/cpython/pull/5989
https://bugs.python.org/issue33001
https://github.com/python/cpython/pull/5989
https://bugs.python.org/issue33001
https://github.com/python/cpython/pull/5989
https://bugs.python.org/issue33001
https://github.com/python/cpython/pull/5989
https://bugs.python.org/issue33001