{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "3.7.0-beta1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.7.0-beta2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.7.0-beta3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.7.0-beta4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.7.0-beta5" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "3.2.0" }, { "fixed": "3.4.9" }, { "introduced": "3.5.0" }, { "fixed": "3.5.6" }, { "introduced": "3.6.0" }, { "fixed": "3.6.5" } ] }, "events": [ { "introduced": "0" }, { "fixed": "0a5a5af9b6b47727c5ee3def4508dab312949075" }, { "introduced": "2e789a1f1d84b343a996e8654590703b5fbdd441" }, { "fixed": "627d0c61ac96009450e3794a2401f244e56fcb79" }, { "introduced": "5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12" }, { "fixed": "f59c0932b4e160f279fb98de4cdad2f58269e0a5" } ], "repo": "https://github.com/python/cpython", "type": "GIT" } ] } ], "details": "Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.", "id": "CVE-2018-1000117", "modified": "2026-04-01T23:08:07.792197056Z", "published": "2018-03-07T14:29:00.280Z", "references": [ { "type": "FIX", "url": "https://bugs.python.org/issue33001" }, { "type": "FIX", "url": "https://github.com/python/cpython/pull/5989" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }