CVE-2018-1000117

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000117

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000117.json

Aliases

• PSF-2022-2

Published

2018-03-07T14:29:00Z

Modified

2024-05-13T23:09:15Z

Summary

[none]

Details

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

References

• https://github.com/python/cpython/pull/5989
• https://bugs.python.org/issue33001