Lucene search

[email protected]CVE-2020-15523

HistoryJul 04, 2020 - 11:15 p.m.

CVE-2020-15523

2020-07-0423:15:10

CWE-427

CWE-908

[email protected]

web.nvd.nist.gov

194

cve-2020-15523

python

windows

trojan horse

python3.dll

security vulnerability

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.

Affected configurations

NVD

Node

microsoftwindowsMatch-

AND

pythonpythonRange3.5.0–3.5.10

pythonpythonRange3.6.0–3.6.12

pythonpythonRange3.7.0–3.7.9

pythonpythonRange3.8.0–3.8.4

pythonpythonMatch3.8.4rc1

pythonpythonMatch3.9.0alpha1

pythonpythonMatch3.9.0alpha2

pythonpythonMatch3.9.0alpha3

pythonpythonMatch3.9.0alpha4

pythonpythonMatch3.9.0alpha5

pythonpythonMatch3.9.0alpha6

pythonpythonMatch3.9.0beta1

pythonpythonMatch3.9.0beta2

pythonpythonMatch3.9.0beta3

pythonpythonMatch3.9.0beta4

Node

netappsnapcenterMatch-

CPENameOperatorVersion
python:pythonpythonlt3.5.10
python:pythonpythonlt3.6.12
python:pythonpythonlt3.7.9
python:pythonpythonlt3.8.4
python:pythonpythoneq3.9.0