CVE-2020-15523

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.

Published: Jul 5, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-15523
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Affected Software
References

Software	From	Fixed in
python / python	3.5.0	3.5.10
python / python	3.6.0	3.6.12
python / python	3.7.0	3.7.9
python / python	3.8.0	3.8.4
python / python	3.8.4-rc1	3.8.4-rc1.x
python / python	3.9.0-alpha1	3.9.0-alpha1.x
python / python	3.9.0-alpha2	3.9.0-alpha2.x
python / python	3.9.0-alpha3	3.9.0-alpha3.x
python / python	3.9.0-alpha4	3.9.0-alpha4.x
python / python	3.9.0-alpha5	3.9.0-alpha5.x
python / python	3.9.0-alpha6	3.9.0-alpha6.x
python / python	3.9.0-beta1	3.9.0-beta1.x
python / python	3.9.0-beta2	3.9.0-beta2.x
python / python	3.9.0-beta3	3.9.0-beta3.x
python / python	3.9.0-beta4	3.9.0-beta4.x

Vulnerability Database

289,599

CVE-2020-15523