python: PyString_DecodeEscape integer overflow (CVE-2017-1000158)
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
(from redmine: issue id 8540, created on 2018-02-22, closed on 2018-02-23)
- Relations:
- child #8541 (closed)
- child #8542 (closed)
- child #8543 (closed)