Uncontrolled resource consumption vulnerability in Python - CVE-2022-45061ID: oval:org.secpod.oval:def:87739 | Date: (C)2023-02-27 (M)2024-05-22 |
Class: VULNERABILITY | Family: windows |
The host is installed with Python 3.7.x through 3.7.15, and 3.8.x through 3.8.15, 3.9.x through 3.9.15, 3.10.x through 3.10.8 or 3.11.x before 3.11.1 and is prone to an uncontrolled resource consumption vulnerability. A flaw is present in the application, which fails to properly handle an issue in all users with the "Add Python to PATH" option selected. Successful exploitation allows attackers without administrative permissions to trigger a repair operation of the PATH option to add incorrect additional paths to the system PATH variable, and then use search path hijacking to achieve escalation of privilege.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows 7 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 10 |