Wind River Support Network

HomeDefectsLIN10-3506
Fixed

LIN10-3506 : Security Advisory - python - CVE-2018-1000117

Created: Mar 15, 2018    Updated: Dec 3, 2018
Resolved Date: Apr 2, 2018
Found In Version: 10.17.41.1
Fix Version: 10.17.41.6
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

https://nvd.nist.gov/vuln/detail/CVE-2018-1000117

Other Downloads


CVEs


Live chat
Online