Buffer Overflow Vulnerability in os.symlink() Function on Windows in Python Software Foundation CPython Versions 3.2 to 3.6.4

Buffer Overflow Vulnerability in os.symlink() Function on Windows in Python Software Foundation CPython Versions 3.2 to 3.6.4

CVE-2018-1000117 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

Learn more about our Web Application Penetration Testing UK.