CVE-2017-1000158
Description
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow (and possible arbitrary code execution).
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
3.719
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7_2.7.6-8ubuntu0.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7_2.7.6-8ubuntu0.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7_2.7.12-1ubuntu0~16.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7_2.7.12-1ubuntu0~16.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.4_3.4.3-1ubuntu1~14.04.7_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.4_3.4.3-1ubuntu1~14.04.7_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.5_3.5.2-2ubuntu0~16.04.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.5_3.5.2-2ubuntu0~16.04.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7-stdlib_2.7.6-8ubuntu0.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7-stdlib_2.7.6-8ubuntu0.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7-stdlib_2.7.12-1ubuntu0~16.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7-stdlib_2.7.12-1ubuntu0~16.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.4-stdlib_3.4.3-1ubuntu1~14.04.7_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.4-stdlib_3.4.3-1ubuntu1~14.04.7_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.5-stdlib_3.5.2-2ubuntu0~16.04.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.5-stdlib_3.5.2-2ubuntu0~16.04.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7-minimal_2.7.6-8ubuntu0.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7-minimal_2.7.6-8ubuntu0.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7-minimal_2.7.12-1ubuntu0~16.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7-minimal_2.7.12-1ubuntu0~16.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.4-minimal_3.4.3-1ubuntu1~14.04.7_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.4-minimal_3.4.3-1ubuntu1~14.04.7_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.5-minimal_3.5.2-2ubuntu0~16.04.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.5-minimal_3.5.2-2ubuntu0~16.04.5_amd64.deb | Linux |
| Python3.5 3.5.3-1 for Ubuntu 17.04 (x64) python3.5_3.5.3-1ubuntu0~17.04.2_amd64.deb | Linux |
| Python3.5 3.5.3-1 for Ubuntu 17.04 python3.5_3.5.3-1ubuntu0~17.04.2_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7_2.7.6-8ubuntu0.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7_2.7.6-8ubuntu0.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7_2.7.13-2ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7_2.7.13-2ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7_2.7.12-1ubuntu0~16.04.2_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7_2.7.12-1ubuntu0~16.04.2_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7-minimal_2.7.6-8ubuntu0.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7-minimal_2.7.6-8ubuntu0.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7-minimal_2.7.13-2ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7-minimal_2.7.13-2ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.2_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.2_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.4_3.4.3-1ubuntu1~14.04.6_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.4_3.4.3-1ubuntu1~14.04.6_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.5_3.5.2-2ubuntu0~16.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.5_3.5.2-2ubuntu0~16.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.5_3.5.3-1ubuntu0~17.04.2_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.5_3.5.3-1ubuntu0~17.04.2_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.4-minimal_3.4.3-1ubuntu1~14.04.6_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.4-minimal_3.4.3-1ubuntu1~14.04.6_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.5-minimal_3.5.2-2ubuntu0~16.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.5-minimal_3.5.2-2ubuntu0~16.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.5-minimal_3.5.3-1ubuntu0~17.04.2_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3496-3) python3.5-minimal_3.5.3-1ubuntu0~17.04.2_amd64.deb | Linux |
| python3.5 security update (DSA-4307-1) python3.5_3.5.3-1+deb9u1_i386.deb | Linux |
| python3.5 security update (DSA-4307-1) python3.5_3.5.3-1+deb9u1_amd64.deb | Linux |
| SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) libpython3_4m1_0-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) libpython3_4m1_0-debuginfo-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-base-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-base-debuginfo-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-base-debugsource-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-curses-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-curses-debuginfo-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-debuginfo-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-debugsource-3.4.10-25.39.3.x86_64.rpm | Linux |
| Integer Overflow or Wraparound Vulnerability (CVE-2017-1000158) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234