Memory corruption in Python - CVE-2018-1000030
Published: March 13, 2018 / Updated: March 13, 2018
Vulnerability identifier: #VU10956
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1000030
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Python.org
Affected software:
Python
Python
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to gain elevated privileges on the target system.
The weakness exists due to race condition. A remote attacker can trigger memory corruption and cause the service to crash or possibly execute arbitrary code with elevated privileges on the target system.
The weakness exists due to race condition. A remote attacker can trigger memory corruption and cause the service to crash or possibly execute arbitrary code with elevated privileges on the target system.
How to mitigate CVE-2018-1000030
Install update from vendor's website.