#VU24843 Insecure DLL loading in CPython - CVE-2020-8315

 

Published: February 3, 2020


Vulnerability identifier: #VU24843
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-8315
CWE-ID: CWE-427
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: CPython
Software vendor: Python.org

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to direct calls to "LoadLibraryW()" in "getpathp.c" without any "LOAD_LIBRARY_SEARCH*" flags. A remote attacker can use a malicious copy of api-ms-win-core-path-l1-1-0.dll, which is loaded and used instead of the system's copy, to execute arbitrary code on the victim's system.
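The following added example (not CPython's code and not part of the original advisory) models why the missing flags matter: it resolves the DLL name over a constructed directory tree, once in the default search order of a bare-name LoadLibraryW() call and once restricted to the system directory as LOAD_LIBRARY_SEARCH_SYSTEM32 does. The model is a simplification that assumes SafeDllSearchMode is enabled and leaves out the 16-bit system directory, KnownDLLs and API-set resolution; the role names and the `resolve` and `demo` helpers are hypothetical.

```python
import os
import tempfile

DLL = "api-ms-win-core-path-l1-1-0.dll"  # DLL name taken from the advisory


def resolve(name, dirs, system32_only=False):
    """Return the directory role whose copy of `name` would be loaded, or None.

    `dirs` maps a role to a path. The unflagged order models the documented
    default for a bare-name LoadLibraryW() call with SafeDllSearchMode enabled;
    system32_only models LoadLibraryExW(..., LOAD_LIBRARY_SEARCH_SYSTEM32).
    """
    if system32_only:
        order = ["system32"]
    else:
        order = ["app_dir", "system32", "windows", "cwd", "path"]
    for role in order:
        if os.path.isfile(os.path.join(dirs[role], name)):
            return role
    return None


def demo():
    """Build a constructed directory tree and compare both load modes."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {}
        for role in ("app_dir", "system32", "windows", "cwd", "path"):
            dirs[role] = os.path.join(root, role)
            os.mkdir(dirs[role])

        def plant(role):
            # Constructed empty file standing in for a copy of the DLL.
            open(os.path.join(dirs[role], DLL), "wb").close()

        results = {}
        # Case 1: a copy in a PATH directory, no copy in the system directory.
        plant("path")
        results["no_system_copy"] = (resolve(DLL, dirs), resolve(DLL, dirs, True))
        # Case 2: system copy present, but a copy also sits beside the executable.
        plant("system32")
        plant("app_dir")
        results["app_dir_copy"] = (resolve(DLL, dirs), resolve(DLL, dirs, True))
        return results


if __name__ == "__main__":
    for case, (plain, flagged) in demo().items():
        print(f"{case}: LoadLibraryW -> {plain}; SEARCH_SYSTEM32 -> {flagged}")
```

In both cases the restricted search either loads the system copy or fails outright, while the unflagged search picks up whichever copy appears first in the order.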


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
