Vulnerability Details : CVE-2017-1000158
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow (and possibly arbitrary code execution).
Vulnerability category: Overflow
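The issue class named above is a buffer-size computation that wraps before it reaches the allocator: an escape decoder reserves a multiple of the input length for its output, the multiplication overflows for a very large input, and the decode loop then writes past a buffer that is far smaller than it assumes. The C below is an added illustration of that pattern and of the check that closes it; it is not CPython's code. The decoder, the expansion factor of 4 (the worst-case bytes of UTF-8 per code point, used here as the recode multiplier), and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Worst-case bytes of UTF-8 per decoded code point. The output capacity is
 * EXPANSION * len, the kind of size multiplication the CVE is about.
 * (Assumed factor for this illustration, not taken from CPython.) */
#define EXPANSION 4

/* Unsafe pattern: for len > SIZE_MAX / EXPANSION the product wraps, malloc
 * returns a tiny (possibly zero-length) buffer, and a decode loop that still
 * trusts len writes far past its end. */
static size_t unsafe_capacity(size_t len) {
    return EXPANSION * len;
}

/* Hardened: reject before multiplying. Returns 0 (and leaves *cap untouched)
 * when EXPANSION * len would not fit in size_t. */
static int checked_capacity(size_t len, size_t *cap) {
    if (len > SIZE_MAX / EXPANSION) return 0;
    *cap = EXPANSION * len;
    return 1;
}

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Append code point cp (at most U+07FF here) as UTF-8; returns bytes written. */
static size_t put_utf8(unsigned char *dst, unsigned cp) {
    if (cp < 0x80) { dst[0] = (unsigned char)cp; return 1; }
    dst[0] = (unsigned char)(0xC0 | (cp >> 6));
    dst[1] = (unsigned char)(0x80 | (cp & 0x3F));
    return 2;
}

/* Decode \n, \t, \\ and \xHH from s[0..len), treating each decoded byte as a
 * code point in U+0000..U+00FF and emitting UTF-8 (the "recode" path that
 * justifies the multiplied capacity). Returns a malloc'd, NUL-terminated
 * buffer with its length in *outlen, or NULL on malformed input, allocation
 * failure, or a capacity that would overflow. Caller frees the result. */
char *decode_escapes_utf8(const char *s, size_t len, size_t *outlen) {
    size_t cap;
    if (!checked_capacity(len, &cap)) return NULL;   /* the missing check */
    unsigned char *buf = malloc(cap + 1);
    if (!buf) return NULL;
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned cp;
        if (s[i] != '\\') {
            cp = (unsigned char)s[i];
        } else {
            if (++i >= len) goto bad;                /* trailing backslash */
            switch (s[i]) {
            case 'n':  cp = '\n'; break;
            case 't':  cp = '\t'; break;
            case '\\': cp = '\\'; break;
            case 'x': {
                if (i + 2 >= len) goto bad;          /* need two hex digits */
                int hi = hexval(s[i + 1]), lo = hexval(s[i + 2]);
                if (hi < 0 || lo < 0) goto bad;
                cp = (unsigned)(hi * 16 + lo);
                i += 2;
                break;
            }
            default: goto bad;                       /* unknown escape */
            }
        }
        o += put_utf8(buf + o, cp);                  /* never exceeds cap */
    }
    buf[o] = '\0';
    *outlen = o;
    return (char *)buf;
bad:
    free(buf);
    return NULL;
}
```

The check is placed before the multiplication on purpose: testing the product afterwards (`cap / EXPANSION != len`) also works in C because unsigned wraparound is defined, but a bound on the operand is easier to audit and carries over to signed size types such as Py_ssize_t, where the overflow itself would be undefined behaviour.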
Threat overview for CVE-2017-1000158
- Top countries where our scanners detected CVE-2017-1000158: (country list not present in this extract)
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2017-1000158: 36,687
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2017-1000158
- Probability of exploitation activity in the next 30 days: 1.43%
- Percentile (the proportion of vulnerabilities scored at or below this value): ~85%
CVSS scores for CVE-2017-1000158
Version | Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|---|
CVSS v2 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | nvd@nist.gov |
CVSS v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | nvd@nist.gov |
CWE ids for CVE-2017-1000158
- The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2017-1000158
- https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html: [SECURITY] [DLA 1190-1] python2.6 security update (Mailing List; Third Party Advisory)
- https://bugs.python.org/issue30657: Issue 30657: [security] CVE-2017-1000158: Unsafe arithmetic in PyString_DecodeEscape, Python tracker (Issue Tracking; Patch; Vendor Advisory)
- https://www.debian.org/security/2018/dsa-4307: Debian Security Information, DSA-4307-1 python3.5 (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html: [SECURITY] [DLA 1520-1] python3.4 security update (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html: [SECURITY] [DLA 1519-1] python2.7 security update (Mailing List; Third Party Advisory)
- http://www.securitytracker.com/id/1039890: CPython Integer Overflow in PyString_DecodeEscape() Lets Remote Users Execute Arbitrary Code, SecurityTracker (Third Party Advisory; VDB Entry)
- https://security.gentoo.org/glsa/201805-02: Python: Buffer overflow (GLSA 201805-02), Gentoo security (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20230216-0001/: CVE-2017-1000158 Python Vulnerability in NetApp Products, NetApp Product Security
- https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html: [SECURITY] [DLA 1189-1] python2.7 security update (Mailing List; Third Party Advisory)
Products affected by CVE-2017-1000158
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*