VYPR
Unrated severityNVD Advisory· Published Jan 28, 2009· Updated Jun 16, 2026

CVE-2008-5983

CVE-2008-5983

Description

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:a:python:python:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:python:python:*:*:*:*:*:*:*:*range: <2.6.6
    • (no CPE)range: <=2.6
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

23

News mentions

0

No linked articles in our index yet.