-
Notifications
You must be signed in to change notification settings - Fork 2
/
PSF-2020-4.json
53 lines (53 loc) · 1.65 KB
/
PSF-2020-4.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
{
"modified": "2021-03-12T12:06:36Z",
"published": "2020-07-04T22:54:00Z",
"schema_version": "1.5.0",
"id": "PSF-2020-4",
"aliases": [
"CVE-2020-15523"
],
"summary": "Py_SetPath(): _Py_CheckPython3 uses uninitialized DLL path",
"details": "In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.",
"affected": [
{
"ranges": [
{
"type": "GIT",
"events": [
{
"introduced": "0"
},
{
"fixed": "110dd153662a13b8ae1bb06348e5b1f118ab26d7"
},
{
"fixed": "46cbf6148a46883110883488d3e9febbe46ba861"
},
{
"fixed": "4981fe36c7477303de830e8dca929a02caaaffe4"
},
{
"fixed": "aa7f7756149a10c64d01f583b71e91814db886ab"
},
{
"fixed": "dcbaa1b49cd9062fb9ba2b9d49555ac6cd8c60b5"
},
{
"fixed": "f205f1000a2d7f8b044caf281041b3705f293480"
}
],
"repo": "https://github.com/python/cpython"
}
]
}
],
"database_specific": {
"cwe_ids": []
},
"references": [
{
"type": "REPORT",
"url": "https://bugs.python.org/issue29778"
}
]
}