Vulnerability Details : CVE-2017-1000158
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
Vulnerability category: Overflow
Products affected by CVE-2017-1000158
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Threat overview for CVE-2017-1000158
Top countries where our scanners detected CVE-2017-1000158
Top open port discovered on systems with this issue
80
IPs affected by CVE-2017-1000158 46,319
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2017-1000158!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2017-1000158
1.37%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-1000158
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-1000158
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1000158
-
https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html
[SECURITY] [DLA 1190-1] python2.6 security updateMailing List;Third Party Advisory
-
https://bugs.python.org/issue30657
Issue 30657: [security] CVE-2017-1000158: Unsafe arithmetic in PyString_DecodeEscape - Python trackerIssue Tracking;Patch;Vendor Advisory
-
https://www.debian.org/security/2018/dsa-4307
Debian -- Security Information -- DSA-4307-1 python3.5Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html
[SECURITY] [DLA 1520-1] python3.4 security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html
[SECURITY] [DLA 1519-1] python2.7 security updateMailing List;Third Party Advisory
-
http://www.securitytracker.com/id/1039890
CPython Integer Overflow in PyString_DecodeEscape() Lets Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201805-02
Python: Buffer overflow (GLSA 201805-02) — Gentoo securityThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20230216-0001/
CVE-2017-1000158 Python Vulnerability in NetApp Products | NetApp Product Security
-
https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html
[SECURITY] [DLA 1189-1] python2.7 security updateMailing List;Third Party Advisory
Jump to