7.2

CVE-2018-1000117

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version >= 3.2.0 < 3.4.9
   MicrosoftWindows
PythonPython Version >= 3.5.0 < 3.5.6
   MicrosoftWindows
PythonPython Version >= 3.6.0 < 3.6.5
   MicrosoftWindows
PythonPython Version3.7.0 Updatebeta1
   MicrosoftWindows
PythonPython Version3.7.0 Updatebeta2
   MicrosoftWindows
PythonPython Version3.7.0 Updatebeta3
   MicrosoftWindows
PythonPython Version3.7.0 Updatebeta4
   MicrosoftWindows
PythonPython Version3.7.0 Updatebeta5
   MicrosoftWindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.212
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://bugs.python.org/issue33001
Patch
Third Party Advisory
Issue Tracking
https://github.com/python/cpython/pull/5989
Patch
Vendor Advisory
Issue Tracking