CVE-2020-15523
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.
En Python versiones 3.6 hasta 3.6.10, 3.7 hasta 3.7.8, 3.8 hasta 3.8.4rc1 y 3.9 hasta 3.9.0b4 en Windows, se puede usar una python3.dll de tipo caballo de Troya en los casos en que CPython está incorporado en una aplicación nativa. Esto se produce porque python3X.dll puede usar una ruta de búsqueda no válida para cargar python3.dll (después de que haya sido usado Py_SetPath). NOTA: este problema NO PUEDE ocurrir cuando se usa python.exe desde una instalación estándar (no incorporada) de Python en Windows
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-07-04 CVE Reserved
- 2020-07-04 CVE Published
- 2024-05-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
- CWE-908: Use of Uninitialized Resource
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.python.org/issue29778 | 2022-07-05 | |
| https://github.com/python/cpython/pull/21297 | 2022-07-05 | |
| https://security.netapp.com/advisory/ntap-20210312-0004 | 2022-07-05 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.5.0 < 3.5.10 Search vendor "Python" for product "Python" and version " >= 3.5.0 < 3.5.10" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.6.0 < 3.6.12 Search vendor "Python" for product "Python" and version " >= 3.6.0 < 3.6.12" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.7.0 < 3.7.9 Search vendor "Python" for product "Python" and version " >= 3.7.0 < 3.7.9" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.8.0 < 3.8.4 Search vendor "Python" for product "Python" and version " >= 3.8.0 < 3.8.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.8.4 Search vendor "Python" for product "Python" and version "3.8.4" | rc1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.9.0 Search vendor "Python" for product "Python" and version "3.9.0" | alpha1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.9.0 Search vendor "Python" for product "Python" and version "3.9.0" | alpha2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.9.0 Search vendor "Python" for product "Python" and version "3.9.0" | alpha3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.9.0 Search vendor "Python" for product "Python" and version "3.9.0" | alpha4 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.9.0 Search vendor "Python" for product "Python" and version "3.9.0" | alpha5 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.9.0 Search vendor "Python" for product "Python" and version "3.9.0" | alpha6 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.9.0 Search vendor "Python" for product "Python" and version "3.9.0" | beta1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.9.0 Search vendor "Python" for product "Python" and version "3.9.0" | beta2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.9.0 Search vendor "Python" for product "Python" and version "3.9.0" | beta3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.9.0 Search vendor "Python" for product "Python" and version "3.9.0" | beta4 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Snapcenter Search vendor "Netapp" for product "Snapcenter" | - | - |
Affected
| ||||||