osv | Google | OSV:PSF-2017-6
History: Nov 17, 2017 - 12:00 a.m.

PyString_DecodeEscape integer overflow

2017-11-17 00:00:00
Google
osv.dev
pystring_decodeescape cpython 2.7.13 buffer overflow heap-based code execution software vulnerability

AI Score: 8.1 (Confidence: High)

EPSS: 0.014 (Percentile: 86.6%)

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow (and possible arbitrary code execution).