Unrated severityNVD Advisory· Published Jul 4, 2020· Updated Aug 4, 2024
CVE-2020-15523
CVE-2020-15523
Description
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.
Affected products
13- Python/Pythondescription
- osv-coords12 versionspkg:bitnami/libpythonpkg:bitnami/pythonpkg:bitnami/python-minpkg:rpm/opensuse/python310&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python311&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python312&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python313&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python314&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python315&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python39&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/python311&distro=SUSE%20Linux%20Micro%206.0
>= 3.5.0, < 3.5.10+ 11 more
- (no CPE)range: >= 3.5.0, < 3.5.10
- (no CPE)range: >= 3.5.0, < 3.5.10
- (no CPE)range: >= 3.5.0, < 3.5.10
- (no CPE)range: < 3.10.0rc1-4.2
- (no CPE)range: < 3.11.0b1-1.1
- (no CPE)range: < 3.12.0a7-1.1
- (no CPE)range: < 3.13.0~b3-1.1
- (no CPE)range: < 3.14.0~a1-1.1
- (no CPE)range: < 3.15.0~a1-1.1
- (no CPE)range: < 3.9.7-2.1
- (no CPE)range: < 3.11.8-3.1
- (no CPE)range: < 3.11.8-3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- bugs.python.org/issue29778mitrex_refsource_MISC
- github.com/python/cpython/pull/21297mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20210312-0004/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.