PSF-2017-6

Import Source

https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2017-6.json

Aliases

CVE-2017-1000158

Published

2017-11-17T00:00:00Z

Modified

2023-11-08T03:58:43.558517Z

Summary

PyString_DecodeEscape integer overflow

Details

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

References

https://bugs.python.org/issue30657

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

0The exact introduced commit is unknown

Fixed

6c004b40f9d51872d848981ef1a18bb08c2dfc42

Fixed

c3c9db89273fabc62ea1b48389d9a3000c1c03ae

Fixed

fd8614c5c5466a14a945db5b059c10c0fb8f76d9