PSF-2017-6

See a problem?

Import Source

https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2017-6.json

JSON Data

https://api.osv.dev/v1/vulns/PSF-2017-6

Aliases

CVE-2017-1000158

Published

2017-11-17T00:00:00Z

Modified

2023-11-01T05:44:02.045924Z

Summary

PyString_DecodeEscape integer overflow

Details

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

References

https://bugs.python.org/issue30657

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6c004b40f9d51872d848981ef1a18bb08c2dfc42

Fixed

c3c9db89273fabc62ea1b48389d9a3000c1c03ae

Fixed

fd8614c5c5466a14a945db5b059c10c0fb8f76d9