{"id":"PSF-2020-7","summary":"CVE-2020-8315: Unsafe DLL loading in getpathp.c on Windows 7","details":"In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.","aliases":["BIT-libpython-2020-8315","BIT-python-2020-8315","BIT-python-min-2020-8315","CVE-2020-8315"],"modified":"2025-10-09T01:01:04.714806Z","published":"2020-01-28T18:35:58Z","database_specific":{"cwe_ids":[]},"references":[{"type":"REPORT","url":"https://bugs.python.org/issue39401"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"51332c467ed2e07a191f903d554d0c54248e4d88"},{"fixed":"561c59777c8426fde0ef48b57cf02eddaeb2a5b8"},{"fixed":"6a65eba44bfd82ccc8bed4b5c6dd6637549955d5"},{"fixed":"ad4a20b87d79a619ffbdea3f26848780899494e5"}]}],"versions":["2.5","3.2","v0.9.8","v0.9.9","v1.0.1","v1.0.2","v1.1","v1.1.1","v1.2","v1.2b1","v1.2b2","v1.2b3","v1.2b4","v1.3","v1.3b1","v1.4","v1.4b1","v1.4b2","v1.4b3","v1.5","v1.5.1","v1.5.2","v1.5.2a1","v1.5.2a2","v1.5.2b1","v1.5.2b2","v1.5.2c1","v1.5a1","v1.5a2","v1.5a3","v1.5a4","v1.5b1","v1.5b2","v1.6a1","v1.6a2","v2.0","v2.0b1","v2.0b2","v2.0c1","v2.1","v2.1a1","v2.1a2","v2.1b1","v2.1b2","v2.1c1","v2.1c2","v2.2a3","v2.3c1","v2.3c2","v2.4","v2.4a1","v2.4a2","v2.4a3","v2.4b1","v2.4b2","v2.4c1","v2.5","v2.5.1","v2.5.1c1","v2.5.2","v2.5.2c1","v2.5.3","v2.5.3c1","v2.5.4","v2.5.5","v2.5.5c1","v2.5.5c2","v2.5.6","v2.5.6c1","v2.5a0","v2.5a1","v2.5a2","v2.5b1","v2.5b2","v2.5b3","v2.5c1","v2.5c2","v2.6","v2.6.1","v2.6.2","v2.6.2c1","v2.6.3","v2.6.3rc1","v2.6.4","v2.6.4rc1","v2.6.4rc2","v2.6.5","v2.6.5rc1","v2.6.5rc2","v2.6.6","v2.6.6rc1","v2.6.6rc2","v2.6.7","v2.6.8","v2.6.8rc1","v2.6.8rc2","v2.6a1","v2.6a2","v2.6a3","v2.6b1","v2.6b2","v2.6b3","v2.6rc1","v2.6rc2","v2.7","v2.7.1","v2.7.1rc1","v2.7.2","v2.7.2rc1","v2.7.3","v2.7.3rc1","v2.7.3rc2","v2.7.4rc1","v2.7a1","v2.7a2","v2.7a3","v2.7a4","v2.7b1","v2.7b2","v2.7rc1","v2.7rc2","v3.0a1","v3.0a2","v3.0a3","v3.0a4","v3.0a5","v3.0b1","v3.0b2","v3.0b3","v3.0rc1","v3.0rc2","v3.0rc3","v3.1","v3.1.1","v3.1.1rc1","v3.1.2","v3.1.2rc1","v3.1.3","v3.1.3rc1","v3.1.4","v3.1.4rc1","v3.1.5","v3.1.5rc1","v3.1.5rc2","v3.1a1","v3.1a2","v3.1b1","v3.1rc1","v3.1rc2","v3.2","v3.2.1","v3.2.1b1","v3.2.1rc1","v3.2.1rc2","v3.2.2","v3.2.2rc1","v3.2.3","v3.2.3rc1","v3.2.3rc2","v3.2.4","v3.2.4rc1","v3.2.5","v3.2.6","v3.2.6rc1","v3.2a1","v3.2a2","v3.2a3","v3.2a4","v3.2b1","v3.2b2","v3.2rc1","v3.2rc2","v3.2rc3","v3.3.0","v3.3.0a1","v3.3.0a2","v3.3.0a3","v3.3.0a4","v3.3.0b1","v3.3.0b2","v3.3.0rc1","v3.3.0rc2","v3.3.0rc3","v3.3.1","v3.3.1rc1","v3.3.2","v3.3.3","v3.3.3rc1","v3.3.3rc2","v3.3.4","v3.3.4rc1","v3.3.5","v3.3.5rc1","v3.3.5rc2","v3.3.6","v3.3.6rc1","v3.4.0","v3.4.0a1","v3.4.0a2","v3.4.0a3","v3.4.0a4","v3.4.0b1","v3.4.0b2","v3.4.0b3","v3.4.0rc1","v3.4.0rc2","v3.4.0rc3","v3.4.1","v3.4.1rc1","v3.4.2","v3.4.2rc1","v3.4.3","v3.4.3rc1","v3.4.4","v3.4.4rc1","v3.4.5","v3.4.5rc1","v3.4.6","v3.4.6rc1","v3.5.0","v3.5.0a1","v3.5.0a2","v3.5.0a3","v3.5.0a4","v3.5.0b1","v3.5.0b2","v3.5.0b3","v3.5.0b4","v3.5.0rc1","v3.5.0rc2","v3.5.0rc3","v3.5.0rc4","v3.5.1","v3.5.1rc1","v3.5.2","v3.5.2rc1","v3.5.3","v3.5.3rc1","v3.6.0","v3.6.0a1","v3.6.0a2","v3.6.0a3","v3.6.0a4","v3.6.0b1","v3.6.0b2","v3.6.0b3","v3.6.0b4","v3.6.0rc1","v3.6.0rc2","v3.7.0a1","v3.7.0a2","v3.7.0a3","v3.7.0a4","v3.8.0a1","v3.8.0a2","v3.8.0a3","v3.8.0a4","v3.8.0b1","v3.9.0a1","v3.9.0a2","v3.9.0a3"],"database_specific":{"vanir_signatures":[{"digest":{"length":600,"function_hash":"231750885422581589428019941176340904341"},"id":"PSF-2020-7-08771f4e","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/python/cpython/commit/ad4a20b87d79a619ffbdea3f26848780899494e5","target":{"file":"PC/getpathp.c","function":"canonicalize"}},{"digest":{"length":584,"function_hash":"8700217590430127178391016530617149292"},"id":"PSF-2020-7-1a8d1a9d","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/python/cpython/commit/51332c467ed2e07a191f903d554d0c54248e4d88","target":{"file":"PC/getpathp.c","function":"join"}},{"digest":{"length":600,"function_hash":"175133559001480500139726917227917921224"},"id":"PSF-2020-7-5e50a2f3","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/python/cpython/commit/ad4a20b87d79a619ffbdea3f26848780899494e5","target":{"file":"PC/getpathp.c","function":"join"}},{"digest":{"length":600,"function_hash":"231750885422581589428019941176340904341"},"id":"PSF-2020-7-6cea9982","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/python/cpython/commit/6a65eba44bfd82ccc8bed4b5c6dd6637549955d5","target":{"file":"PC/getpathp.c","function":"canonicalize"}},{"digest":{"line_hashes":["149169182550173466312255201328653446913","295612235486683956808956331940835754212","32171698922031514674467396298746441028","256674752203020156115585187608987590937","101855634629322167140887014855366307114","241706755980019896295342338355849904315","67258673649732871027406445603625467967","176847046120644168048047331828364138138"],"threshold":0.9},"id":"PSF-2020-7-76cf15e1","deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://github.com/python/cpython/commit/561c59777c8426fde0ef48b57cf02eddaeb2a5b8","target":{"file":"PC/getpathp.c"}},{"digest":{"line_hashes":["324090745137466662971106153326721799674","160752392122102332172212039273500702184","136542570855296222769649897156680062012","243651217609342383925410053977495455234","243863949132300476727765455846828070653"],"threshold":0.9},"id":"PSF-2020-7-7867b86b","deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://github.com/python/cpython/commit/51332c467ed2e07a191f903d554d0c54248e4d88","target":{"file":"Tools/msi/bundle/bootstrap/PythonBootstrapperApplication.cpp"}},{"digest":{"line_hashes":["149169182550173466312255201328653446913","295612235486683956808956331940835754212","32171698922031514674467396298746441028","256674752203020156115585187608987590937","251580650981129326247251243164260776678","241706755980019896295342338355849904315","67258673649732871027406445603625467967","176847046120644168048047331828364138138"],"threshold":0.9},"id":"PSF-2020-7-84e13cf0","deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://github.com/python/cpython/commit/ad4a20b87d79a619ffbdea3f26848780899494e5","target":{"file":"PC/getpathp.c"}},{"digest":{"line_hashes":["324090745137466662971106153326721799674","160752392122102332172212039273500702184","136542570855296222769649897156680062012","243651217609342383925410053977495455234","243863949132300476727765455846828070653"],"threshold":0.9},"id":"PSF-2020-7-918ed2be","deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://github.com/python/cpython/commit/561c59777c8426fde0ef48b57cf02eddaeb2a5b8","target":{"file":"Tools/msi/bundle/bootstrap/PythonBootstrapperApplication.cpp"}},{"digest":{"length":600,"function_hash":"175133559001480500139726917227917921224"},"id":"PSF-2020-7-9e6b4a46","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/python/cpython/commit/6a65eba44bfd82ccc8bed4b5c6dd6637549955d5","target":{"file":"PC/getpathp.c","function":"join"}},{"digest":{"length":615,"function_hash":"335232464681737043490825616439893618087"},"id":"PSF-2020-7-a295d20a","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/python/cpython/commit/51332c467ed2e07a191f903d554d0c54248e4d88","target":{"file":"PC/getpathp.c","function":"canonicalize"}},{"digest":{"length":698,"function_hash":"31083521879923379138267842399597255662"},"id":"PSF-2020-7-a7203a1c","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/python/cpython/commit/561c59777c8426fde0ef48b57cf02eddaeb2a5b8","target":{"file":"PC/getpathp.c","function":"canonicalize"}},{"digest":{"line_hashes":["216388096848581871483250746683434829231","317179959347418306895555379749081167649","51507500461789388223159403182895040240","253032719576962211865617509915541682075","222612065754186101238490019889486176932","76858378172602932306732636689568207143","79681203467598686217878651757347511301","238210380958630066682390515002758183825","172957049162498057856399183703662355907","104093942848145809196147460825786878867","14073744650305261693042649446414582574","259695699543097448730685370165459954652","228153176349071189311265528782312792098","149169182550173466312255201328653446913","295612235486683956808956331940835754212","32171698922031514674467396298746441028","256674752203020156115585187608987590937","219602261051207863262736872421293338857","130276471626909661432548101206428287865","12859929854746673334870938529645657119","127467122096495312443769157852824691816","226518728341663445931208910978354781456","300536492667210227449560196139297027475","138743335032514556760740387386790877296","247946604598347793735598459453962549501","181014467685669964761269346337806160288","117741372059843223039833725719361784390","262851214154377174906387697901366353379","72550884308428103258217094266455274503","243853708227762049642565206015123870648","153329204962180586773184212336351804366","279083661234515311848596236344697426961","238060018358561234785595816630967720304","180191405046477647928305095642063916155","24902247275943922957931715158558740940","231905308198965587299902083431729497693","51898653381545075853561800931382280483","105642208781094645585152132443256188404","228613007352990636768892015145694645291","263029975955605279807038652150037246824","251580650981129326247251243164260776678","241706755980019896295342338355849904315","67258673649732871027406445603625467967","176847046120644168048047331828364138138","139715263454580557183630407617157912951","188479700966281325128858649655047303937","33807431686288077146201906168026976650","76609452573443993928211090711834716542","189897124618133588938302828780948381096","134601977061248646308812508877424542762","31145146036099591446535131248481877765","165430957229254999328002126067218410321","207464367948587462502971147175328304012","277146788697998175192229536038080364335","87788388158759576513632263367298766651","297772998149310973124296389863677142456","329964580679658881050856018001834219838","317518683617397511915545750517334808750","232842050993611124070826951038315020529","68709430055046134370735714157561669921","151734401094768651170526836566304986471"],"threshold":0.9},"id":"PSF-2020-7-a76e5537","deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://github.com/python/cpython/commit/6a65eba44bfd82ccc8bed4b5c6dd6637549955d5","target":{"file":"PC/getpathp.c"}},{"digest":{"line_hashes":["149169182550173466312255201328653446913","236460532055024359399163793036500845505","117170012241971846442442947960185708930","297676422181770258573673185475661955663","6927451115551699067197741899783064745","196723598619500094766375517385570882447","67258673649732871027406445603625467967","176847046120644168048047331828364138138"],"threshold":0.9},"id":"PSF-2020-7-e9adf55f","deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://github.com/python/cpython/commit/51332c467ed2e07a191f903d554d0c54248e4d88","target":{"file":"PC/getpathp.c"}},{"digest":{"length":600,"function_hash":"175133559001480500139726917227917921224"},"id":"PSF-2020-7-f3c501bc","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/python/cpython/commit/561c59777c8426fde0ef48b57cf02eddaeb2a5b8","target":{"file":"PC/getpathp.c","function":"join"}}],"source":"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2020-7.json"}}],"schema_version":"1.7.3"}