CVE-2017-1000158

Priority
Medium
Description
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in
the PyString_DecodeEscape function in stringobject.c, resulting in
heap-based buffer overflow (and possible arbitrary code execution)
References
Notes
 tyhicks> PyBytes_DecodeEscape() may be affected in Python 3.x versions. Please
  check.
Assigned-to
leosilva
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):not-affected (code not present)
Ubuntu 17.10 (Artful Aardvark):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Ubuntu 17.10 (Artful Aardvark):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (3.4.3-1ubuntu1~14.04.6)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (3.5.2-2ubuntu0~16.04.4)
Ubuntu 17.04 (Zesty Zapus):released (3.5.3-1ubuntu0~17.04.2)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (2.7.13-4)
Ubuntu 12.04 ESM (Precise Pangolin):released (2.7.3-0ubuntu3.10)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.7.6-8ubuntu0.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.7.12-1ubuntu0~16.04.2)
Ubuntu 17.04 (Zesty Zapus):released (2.7.13-2ubuntu0.1)
Ubuntu 17.10 (Artful Aardvark):not-affected (2.7.14-2ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
More Information

Updated: 2017-12-15 20:18:02 UTC (commit 13913)