Homepage
About Snyk

Execution with Unnecessary Privileges Affecting pyinstaller package, versions [,3.6)

0.0
high

Snyk CVSS

    Attack Complexity High
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    EPSS 0.04% (6th percentile)
Expand this section
NVD
7.8 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-PYINSTALLER-541867
  • published 14 Jan 2020
  • disclosed 14 Jan 2020
  • credit Farid Ayoujil
Report a new vulnerability Found a mistake?

Introduced: 14 Jan 2020

CVE-2019-16784 Open this link in a new tab
CWE-250 Open this link in a new tab

How to fix?

Upgrade pyinstaller to version 3.6 or higher.

Overview

pyinstaller is a package that bundles a Python application and all its dependencies into a single package

Affected versions of this package are vulnerable to Execution with Unnecessary Privileges. On Windows only, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\Windows\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade).