CVE-2017-1000158

Опубликовано: 13 июн. 2017

Источник: redhat

CVSS3: 8.1

EPSS Низкий

Описание

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

Отчет

This issue affects the versions of python as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, and python27-python, rh-python34-python, and rh-python35-python as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	python	Will not fix
Red Hat Enterprise Linux 6	python	Will not fix
Red Hat Enterprise Linux 7	python	Will not fix
Red Hat Software Collections	python27-python	Will not fix
Red Hat Software Collections	rh-python34-python	Will not fix
Red Hat Software Collections	rh-python35-python	Will not fix
Red Hat Software Collections	rh-python36-python	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190->CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1519595python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow

EPSS

Процентиль: 85%

0.02492

Низкий

8.1 High

CVSS3

Связанные уязвимости

CVE-2017-1000158

CVSS3: 9.8

ubuntu

больше 7 лет назад

CVE-2017-1000158

CVSS3: 9.8

nvd

больше 7 лет назад

CVE-2017-1000158

CVSS3: 9.8

debian

больше 7 лет назад

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...

SUSE-SU-2018:0768-1

suse-cvrf

около 7 лет назад

Security update for python

GHSA-r68f-4xcm-3xr6

CVSS3: 9.8

github

около 3 лет назад

EPSS

Процентиль: 85%

0.02492

Низкий

8.1 High

CVSS3