CVE-2017-1000158 (retired)

Priority
Description
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in
the PyString_DecodeEscape function in stringobject.c, resulting in a
heap-based buffer overflow (and possible arbitrary code execution).
Notes
 tyhicks> PyBytes_DecodeEscape() may be affected in Python 3.x versions. Please
  check.
 mdeslaur> per upstream bug, 3.6 and 3.7 aren't affected
Assigned-to
leosilva
Package
Upstream:released (2.7.13-4)
Ubuntu 12.04 ESM (Precise Pangolin):released (2.7.3-0ubuntu3.10)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.7.12-1ubuntu0~16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (3.5.2-2ubuntu0~16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)

Updated: 2019-09-19 16:00:57 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)