CVE - CVE-2023-49797

CVE-ID
CVE-2023-49797	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if all the following are satisfied: 1. The user runs an application containing either `matplotlib` or `win32com`. 2. The application is ran as administrator (or at least a user with higher privileges than the attacker). 3. The user's temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between `shutil.rmtree()`'s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to `pyinstaller >= 5.13.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
FEDORA:FEDORA-2023-0fb94a1209 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2K2XIQLEMZIKUQUOWNDYWTEWYQTKMAN7/ FEDORA:FEDORA-2023-3909a0ab0e URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRWT34FAF23PUOLVZ7RVWBZMWPDR5U7/ MISC:https://github.com/pyinstaller/pyinstaller/pull/7827 URL:https://github.com/pyinstaller/pyinstaller/pull/7827 MISC:https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-9w2p-rh8c-v9g5 URL:https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-9w2p-rh8c-v9g5 MISC:https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/shutil.py#L623 URL:https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/shutil.py#L623
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20231130	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20231130)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)