CVE-2017-1000158 — Integer Overflow or Wraparound in Python
Severity
9.8 CRITICAL (NVD)
EPSS
3.6%
top 12.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 17
Latest update: May 13
Description
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow (and possible arbitrary code execution).
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 2 packages
Also affects: Debian Linux 7.0, 8.0, 9.0
Patches
Vulnerability Details (2)
Vendor Advisories (5)
Red Hat
Debian
CVE-2017-1000158: python2.7 - CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the Py... (2017)
Research Papers (1)
Community (7)
Bugzilla: CVE-2017-1000158 python3: python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow [fedora-all] (2017-12-01)
Bugzilla: CVE-2017-1000158 python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow [fedora-all] (2017-12-01)
Bugzilla: CVE-2017-1000158 python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow (2017-12-01)
Bugzilla: CVE-2017-1000158 python34: python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow [fedora-all] (2017-12-01)
Bugzilla: CVE-2017-1000158 python35: python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow [fedora-all] (2017-12-01)