Description
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in
the PyString_DecodeEscape function in stringobject.c, resulting in
heap-based buffer overflow (and possible arbitrary code execution)
Notes
| tyhicks | PyBytes_DecodeEscape() may be affected in Python 3.x versions. Please
check. |
| mdeslaur | per upstream bug, 3.6 and 3.7 aren't affected |
Package
| Upstream: | needs-triage
|
| Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
| Ubuntu 14.04 ESM (Trusty Tahr): | released
(3.4.3-1ubuntu1~14.04.6)
|
| Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
| Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
| Ubuntu 20.04 LTS (Focal Fossa): | DNE
|
| Ubuntu 20.10 (Groovy Gorilla): | DNE
|
Package
| Upstream: | needs-triage
|
| Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
| Ubuntu 14.04 ESM (Trusty Tahr): | needs-triage
|
| Ubuntu 16.04 LTS (Xenial Xerus): | released
(3.5.2-2ubuntu0~16.04.4)
|
| Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
| Ubuntu 20.04 LTS (Focal Fossa): | DNE
|
| Ubuntu 20.10 (Groovy Gorilla): | DNE
|
Package
| Upstream: | needs-triage
|
| Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
| Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
| Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
| Ubuntu 18.04 LTS (Bionic Beaver): | not-affected
(code not present)
|
| Ubuntu 20.04 LTS (Focal Fossa): | DNE
|
| Ubuntu 20.10 (Groovy Gorilla): | DNE
|
Package
| Upstream: | needs-triage
|
| Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
| Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
| Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
| Ubuntu 18.04 LTS (Bionic Beaver): | not-affected
(code not present)
|
| Ubuntu 20.04 LTS (Focal Fossa): | DNE
|
| Ubuntu 20.10 (Groovy Gorilla): | DNE
|
Updated: 2020-07-28 18:40:29 UTC (commit 7b6828437fde0509248708fcdb5b0f7587b85bd1)