Vulnerabilities > CVE-2020-15523 - Use of Uninitialized Resource vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

python

netapp

CWE-908

NVD

Published: 2020-07-04

Updated: 2022-07-05

Summary

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.

Vulnerable Configurations

Part	Description	Count
Application	Python Python Python 3.5.0 Python Python 3.5.1 Python Python 3.5.2 Python Python 3.5.3 Python Python 3.5.4 Python Python 3.5.5 Python Python 3.5.6 Python Python 3.5.7 Python Python 3.5.8 Python Python 3.5.9 Python Python 3.6.0 Python Python 3.6.1 Python Python 3.6.2 Python Python 3.6.3 Python Python 3.6.4 Python Python 3.6.5 Python Python 3.6.6 Python Python 3.6.7 Python Python 3.6.8 Python Python 3.6.9 Python Python 3.6.10 Python Python 3.6.11 Python Python 3.6.12 Python Python 3.7.0 Python Python 3.7.1 Python Python 3.7.2 Python Python 3.7.3 Python Python 3.7.4 Python Python 3.7.5 Python Python 3.7.6 Python Python 3.7.7 Python Python 3.7.8 Python Python 3.7.9 Python Python 3.8.0 Python Python 3.8.0B1 Python Python 3.8.1 Python Python 3.8.2 Python Python 3.8.3 Python Python 3.8.4 Python Python 3.9.0	152
Application	Netapp Netapp Snapcenter -	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References