PT-2017-3760 · Python+3 · Cpython+3

Jay Bosamiya +1 · Published 2017-11-17 · Updated 2024-06-15 · CVE-2017-1000158

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: CPython versions up to 2.7.13
Description: The issue is related to an integer overflow in the PyString_DecodeEscape function in stringobject.c, which can lead to a heap-based buffer overflow and potentially allow for arbitrary code execution. This can be exploited by a remote attacker.
Recommendations: For versions up to 2.7.13, update to a version that includes a fix for the integer overflow in the PyString_DecodeEscape function to prevent heap-based buffer overflow and possible arbitrary code execution. As a temporary workaround, consider restricting the use of the PyString_DecodeEscape function until a patch is available.

Exploit

Fix

Integer Overflow

Buffer Overflow

Weakness Enumeration

Related identifiers

ALT-PU-2018-1654
ALT-PU-2018-2782
BDU:2019-00438
CVE-2017-1000158
DLA-1189-1
DLA-1190-1
DLA-1519-1
DLA-1520-1
DSA-4307-1
MGASA-2018-0004
OPENSUSE-SU-2018_1415-1
OPENSUSE-SU-2024:11202-1
PSF-2017-6
SUSE-SU-2018:0768-1
SUSE-SU-2018:1372-1
SUSE-SU-2018_1372-1
SUSE-SU-2020:0234-1
SUSE-SU-2020:0497-1
USN-3496-1
USN-3496-2
USN-3496-3

Affected products

Alt Linux
Cpython
Suse
Ubuntu