Published: 07/03/2018 Updated: 05/07/2022

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python python 3.7.0
python python

Buffer Overflow Vulnerability that can result ACE

CVE-2018-1000117 Python Software Foundation CPython version From 32 until 364 on Windows contains a Buffer Overflow vulnerability in ossymlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location This v

CWE-120 https://github.com/python/cpython/pull/5989 https://bugs.python.org/issue33001 https://nvd.nist.gov https://github.com/1337r00t/CVE-2018-1000117-Exploit

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-1000117

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect