CVE-2020-8315

Name
CVE-2020-8315
Description
In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugs.python.org/issue39401

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* python >= 3.6.0 <= 3.6.10
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* python >= 3.7.0 <= 3.7.6
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* python >= 3.8.0 <= 3.8.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status