Check & prevent integer overflow in PyString_DecodeEscape.
You need to compile a 1 GiB Python file on 32-bit system for reproducing it. It is very unlikely that this can happen by accident, and it is hard to used it in security attack. If you can make the attacked program compiling a 1 GiB Python file, you perhaps have easier ways to make a harm.
Dates:
Disclosure date: 2017-06-13 (Python issue bpo-30657 reported)
Python 2.7.14 (2017-09-16) fixed by commit c3c9db8 (branch 2.7) (2017-06-18)
Python 3.4.8 (2018-02-04) fixed by commit 6c004b4 (branch 3.4) (2017-12-08)
Python 3.5.5 (2018-02-04) fixed by commit fd8614c (branch 3.5) (2017-12-08)
[security] CVE-2017-1000158: Unsafe arithmetic in PyString_DecodeEscape.
Python issue: bpo-30657
Creation date: 2017-06-13
Reporter: Jay Bosamiya
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
CVE ID: CVE-2017-1000158
Published: 2017-11-17
CVSS Score: 7.5
Timeline using the disclosure date 2017-06-13 as reference:
2017-06-13: Python issue bpo-30657 reported by Jay Bosamiya
2017-06-18 (+5 days): commit c3c9db8 (branch 2.7)
2017-09-16 (+95 days): Python 2.7.14 released
2017-11-17 (+157 days): CVE-2017-1000158 published
2017-12-08 (+178 days): commit 6c004b4 (branch 3.4)
2017-12-08 (+178 days): commit fd8614c (branch 3.5)
2018-02-04 (+236 days): Python 3.4.8 released
2018-02-04 (+236 days): Python 3.5.5 released
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4