Description
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
python3.5 | fixed | 3.5.5-1 | | package |
python3.4 | removed | | | package |
python2.7 | fixed | 2.7.13-4 | | package |
python2.7 | fixed | 2.7.13-2+deb9u2 | stretch | package |
python2.6 | removed | | | package |
Notes
https://bugs.python.org/issue30657
2.7 https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae (v2.7.14rc1)
3.4 https://github.com/python/cpython/commit/6c004b40f9d51872d848981ef1a18bb08c2dfc42 (v3.4.8rc1)
3.5 https://github.com/python/cpython/commit/fd8614c5c5466a14a945db5b059c10c0fb8f76d9 (v3.5.5rc1)
The 2.7.13-4 upload included the commit in debian/patches/git-updates.diff