CVE-2017-1000158
CRITICALCPython < 2.7.15 - Integer Overflow to Heap-Based Buffer Overflow in PyString_DecodeEscape
Title source: llmDescription
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
References (9)
Core 9
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1039890
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html
Third Party Advisory vendor-advisory
https://www.debian.org/security/2018/dsa-4307
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201805-02
Issue Tracking, Patch, Vendor Advisory
https://bugs.python.org/issue30657
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230216-0001/
Scores
CVSS v3
9.8
EPSS
0.0359
EPSS Percentile
87.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (4)
debian/debian_linux
7.0
debian/debian_linux
8.0
debian/debian_linux
9.0
python/python
< 2.7.15
Published
Nov 17, 2017
Tracked Since
Feb 18, 2026