#VU10956 Memory corruption in Python - CVE-2018-1000030
Published: March 13, 2018 / Updated: March 13, 2018
Vulnerability identifier: #VU10956
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1000030
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Python
Python
Software vendor:
Python.org
Python.org
Description
The vulnerability allows a remote unauthenticated attacker to gain elevated privileges on the target system.
The weakness exists due to race condition. A remote attacker can trigger memory corruption and cause the service to crash or possibly execute arbitrary code with elevated privileges on the target system.
The weakness exists due to race condition. A remote attacker can trigger memory corruption and cause the service to crash or possibly execute arbitrary code with elevated privileges on the target system.
Remediation
Install update from vendor's website.