CVE-2018-1000117: Buffer Overflow
First published: Wed Mar 07 2018(Updated: )
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Python Python | >=3.2.0<3.4.9 | |
| Python Python | >=3.5.0<3.5.6 | |
| Python Python | >=3.6.0<3.6.5 | |
| Python Python | =3.7.0-beta1 | |
| Python Python | =3.7.0-beta2 | |
| Python Python | =3.7.0-beta3 | |
| Python Python | =3.7.0-beta4 | |
| Python Python | =3.7.0-beta5 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/remedy
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/description
- vendor/python
- canonical/python python
- version/python python/3.2.0
- version/python python/3.5.0
- version/python python/3.6.0
- version/python python/3.7.0-beta1
- version/python python/3.7.0-beta2
- version/python python/3.7.0-beta3
- version/python python/3.7.0-beta4
- version/python python/3.7.0-beta5
- vendor/microsoft
- canonical/microsoft windows