CVE-2017-1000158

critical

Description

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow (and possible arbitrary code execution).

References

http://www.securitytracker.com/id/1039890

https://bugs.python.org/issue30657

https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html

https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html

https://security.gentoo.org/glsa/201805-02

https://www.debian.org/security/2018/dsa-4307

Details

Source: MITRE

Published: 2017-11-17

Updated: 2019-10-03

Type: CWE-190

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 134106 | SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2020:0497-1) | Nessus | SuSE Local Security Checks | critical |
| 133259 | SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical |
| 124937 | EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434) | Nessus | Huawei Local Security Checks | critical |
| 121774 | Photon OS 2.0: Python2 PHSA-2017-0051 | Nessus | PhotonOS Local Security Checks | critical |
| 117838 | Debian DSA-4307-1 : python3.5 - security update | Nessus | Debian Local Security Checks | critical |
| 117713 | Debian DLA-1520-1 : python3.4 security update | Nessus | Debian Local Security Checks | critical |
| 117712 | Debian DLA-1519-1 : python2.7 security update | Nessus | Debian Local Security Checks | critical |
| 111901 | Photon OS 1.0: Binutils / Glibc / Linux / Mongodb / Openssh / Procmail / Python2 / Rsync PHSA-2017-0052 (deprecated) | Nessus | PhotonOS Local Security Checks | critical |
| 111900 | Photon OS 2.0: Libvirt / Linux / Openssh / Procmail / Python2 / Rsync PHSA-2017-0051 (deprecated) | Nessus | PhotonOS Local Security Checks | critical |
| 110069 | openSUSE Security Update : python (openSUSE-2018-511) | Nessus | SuSE Local Security Checks | critical |
| 110037 | SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2018:1372-1) | Nessus | SuSE Local Security Checks | critical |
| 109534 | GLSA-201805-02 : Python: Buffer overflow | Nessus | Gentoo Local Security Checks | critical |
| 108578 | SUSE SLES11 Security Update : python (SUSE-SU-2018:0768-1) | Nessus | SuSE Local Security Checks | critical |
| 106732 | FreeBSD : python -- possible integer overflow vulnerability (0fe70bcd-2ce3-46c9-a64b-4a7da097db07) | Nessus | FreeBSD Local Security Checks | critical |
| 106690 | Amazon Linux AMI : python27 (ALAS-2018-945) | Nessus | Amazon Linux Local Security Checks | critical |
| 106170 | Amazon Linux AMI : python35 / python34 (ALAS-2018-943) | Nessus | Amazon Linux Local Security Checks | critical |
| 105944 | Fedora 27 : python34 (2017-a41f6a8078) | Nessus | Fedora Local Security Checks | critical |
| 105934 | Fedora 27 : python35 (2017-99d12bf610) | Nessus | Fedora Local Security Checks | critical |
| 105896 | Fedora 27 : python26 (2017-677069c484) | Nessus | Fedora Local Security Checks | critical |
| 105845 | Fedora 27 : python33 (2017-2e5a17c4cc) | Nessus | Fedora Local Security Checks | critical |
| 105519 | Fedora 26 : python33 (2017-7fe2c4bc0e) | Nessus | Fedora Local Security Checks | critical |
| 105385 | Fedora 26 : python34 (2017-e0abe14016) | Nessus | Fedora Local Security Checks | critical |
| 105384 | Fedora 26 : python35 (2017-cf8c62747a) | Nessus | Fedora Local Security Checks | critical |
| 105361 | Fedora 26 : python26 (2017-2d441a1d98) | Nessus | Fedora Local Security Checks | critical |
| 105316 | EulerOS 2.0 SP2 : python (EulerOS-SA-2017-1335) | Nessus | Huawei Local Security Checks | critical |
| 105315 | EulerOS 2.0 SP1 : python (EulerOS-SA-2017-1334) | Nessus | Huawei Local Security Checks | critical |
| 105011 | Fedora 25 : python (2017-6be762ea64) | Nessus | Fedora Local Security Checks | critical |
| 104845 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : python3.4, python3.5 vulnerability (USN-3496-3) | Nessus | Ubuntu Local Security Checks | critical |
| 104844 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : python2.7 vulnerability (USN-3496-1) | Nessus | Ubuntu Local Security Checks | critical |
| 104749 | Debian DLA-1190-1 : python2.6 security update | Nessus | Debian Local Security Checks | critical |
| 104748 | Debian DLA-1189-1 : python2.7 security update | Nessus | Debian Local Security Checks | critical |