Integer Overflow Vulnerability in PyString_DecodeEscape Function in CPython

Integer Overflow Vulnerability in PyString_DecodeEscape Function in CPython

CVE-2017-1000158 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

Learn more about our Web Application Penetration Testing UK.