CVE-2017-1000158 - Integer Overflow or Wraparound vulnerability in multiple products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Summary
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow: This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
Nessus
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1190.NASL
description: A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language. CVE-2017-1000158 CPython (the reference implementation of Python also commonly known as simply Python) versions 2.6 and 2.7 are vulnerable to an integer overflow and heap corruption, leading to possible arbitrary code execution. The nature of the error has to do with improper handling of large strings with escaped characters. For Debian 7
last seen: 2020-03-17
modified: 2017-11-27
plugin id: 104749
published: 2017-11-27
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/104749
title: Debian DLA-1190-1 : python2.6 security update
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1190-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(104749);
  script_version("3.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2017-1000158");

  script_name(english:"Debian DLA-1190-1 : python2.6 security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language. CVE-2017-1000158 CPython (the reference implementation of Python also commonly known as simply Python) versions 2.6 and 2.7 are vulnerable to an integer overflow and heap corruption, leading to possible arbitrary code execution. The nature of the error has to do with improper handling of large strings with escaped characters. For Debian 7 'Wheezy', these problems have been fixed in version 2.6.8-1.1+deb7u1. We recommend that you upgrade your python2.6 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/python2.6"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:idle-python2.6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython2.6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.6-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.6-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.6-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.6-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.6-minimal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"7.0", prefix:"idle-python2.6", reference:"2.6.8-1.1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libpython2.6", reference:"2.6.8-1.1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"python2.6", reference:"2.6.8-1.1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"python2.6-dbg", reference:"2.6.8-1.1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"python2.6-dev", reference:"2.6.8-1.1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"python2.6-doc", reference:"2.6.8-1.1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"python2.6-examples", reference:"2.6.8-1.1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"python2.6-minimal", reference:"2.6.8-1.1+deb7u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-6BE762EA64.NASL
description: Security fix for CVE-2017-1000158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-12-05
plugin id: 105011
published: 2017-12-05
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105011
title: Fedora 25 : python (2017-6be762ea64)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2017-6be762ea64.
#

include("compat.inc");

if (description)
{
  script_id(105011);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-1000158");
  script_xref(name:"FEDORA", value:"2017-6be762ea64");

  script_name(english:"Fedora 25 : python (2017-6be762ea64)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Security fix for CVE-2017-1000158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-6be762ea64"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected python package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC25", reference:"python-2.7.13-3.fc25")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
}
```

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-7FE2C4BC0E.NASL
description: Fix for CVE-2017-1000158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2018-01-04
plugin id: 105519
published: 2018-01-04
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105519
title: Fedora 26 : python33 (2017-7fe2c4bc0e)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2017-7fe2c4bc0e.
#

include("compat.inc");

if (description)
{
  script_id(105519);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-1000158");
  script_xref(name:"FEDORA", value:"2017-7fe2c4bc0e");

  script_name(english:"Fedora 26 : python33 (2017-7fe2c4bc0e)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Fix for CVE-2017-1000158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-7fe2c4bc0e"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected python33 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python33");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC26", reference:"python33-3.3.7-2.fc26")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python33");
}
```

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2018-943.NASL
description: CPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) (CVE-2017-1000158)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 106170
published: 2018-01-19
reporter: This script is Copyright (C) 2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/106170
title: Amazon Linux AMI : python35 / python34 (ALAS-2018-943)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-E0ABE14016.NASL
description: Security fix for CVE-2017-1000158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-12-20
plugin id: 105385
published: 2017-12-20
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105385
title: Fedora 26 : python34 (2017-e0abe14016)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-3496-1.NASL
description: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 104844
published: 2017-11-29
reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/104844
title: Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : python2.7 vulnerability (USN-3496-1)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2017-0051_PYTHON2.NASL
description: An update of the python2 package has been released.
last seen: 2020-03-17
modified: 2019-02-07
plugin id: 121774
published: 2019-02-07
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/121774
title: Photon OS 2.0: Python2 PHSA-2017-0051

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2017-0052.NASL
description: An update of [rsync,python2,procmail,libvirt,linux,mongodb,openssh,binutils,glibc] packages for photonOS has been released.
last seen: 2019-02-21
modified: 2019-02-07
plugin id: 111901
published: 2018-08-17
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=111901
title: Photon OS 1.0: Binutils / Glibc / Linux / Mongodb / Openssh / Procmail / Python2 / Rsync PHSA-2017-0052 (deprecated)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-511.NASL
description: This update for python fixes the following issues : Security issues fixed : - CVE-2017-1000158: Fixed integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution (bsc#1068664). - CVE-2018-1000030: Fixed crash inside the Python interpreter when multiple threads used the same I/O stream concurrently (bsc#1079300). This update was imported from the SUSE:SLE-12-SP1:Update update project.
last seen: 2020-06-05
modified: 2018-05-24
plugin id: 110069
published: 2018-05-24
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/110069
title: openSUSE Security Update : python (openSUSE-2018-511)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-2E5A17C4CC.NASL
description: Fix for CVE-2017-1000158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2018-01-15
plugin id: 105845
published: 2018-01-15
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105845
title: Fedora 27 : python33 (2017-2e5a17c4cc)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1189.NASL
description: A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language. CVE-2017-1000158 CPython (the reference implementation of Python also commonly known as simply Python) versions 2.6 and 2.7 are vulnerable to an integer overflow and heap corruption, leading to possible arbitrary code execution. The nature of the error has to do with improper handling of large strings with escaped characters. For Debian 7
last seen: 2020-03-17
modified: 2017-11-27
plugin id: 104748
published: 2017-11-27
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/104748
title: Debian DLA-1189-1 : python2.7 security update

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1434.NASL
description: According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that Python
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124937
published: 2019-05-14
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124937
title: EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-A41F6A8078.NASL
description: Security fix for CVE-2017-1000158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2018-01-15
plugin id: 105944
published: 2018-01-15
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105944
title: Fedora 27 : python34 (2017-a41f6a8078)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-3496-3.NASL
description: USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 104845
published: 2017-11-29
reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/104845
title: Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : python3.4, python3.5 vulnerability (USN-3496-3)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2017-1334.NASL
description: According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)(CVE-2017-1000158) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-06
modified: 2017-12-18
plugin id: 105315
published: 2017-12-18
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105315
title: EulerOS 2.0 SP1 : python (EulerOS-SA-2017-1334)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1520.NASL
description: Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) CVE-2018-1060 python is vulnerable to catastrophic backtracking in pop3lib
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117713
published: 2018-09-27
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117713
title: Debian DLA-1520-1 : python3.4 security update

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-99D12BF610.NASL
description: Security fix for CVE-2017-1000158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2018-01-15
plugin id: 105934
published: 2018-01-15
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105934
title: Fedora 27 : python35 (2017-99d12bf610)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-1372-1.NASL
description: This update for python fixes the following issues: Security issues fixed : - CVE-2017-1000158: Fixed integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution (bsc#1068664). - CVE-2018-1000030: Fixed crash inside the Python interpreter when multiple threads used the same I/O stream concurrently (bsc#1079300). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 110037
published: 2018-05-23
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/110037
title: SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2018:1372-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0234-1.NASL
description: This update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133259
published: 2020-01-27
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133259
title: SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-677069C484.NASL
description: Fix for CVE-2017-1000158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2018-01-15
plugin id: 105896
published: 2018-01-15
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105896
title: Fedora 27 : python26 (2017-677069c484)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2017-0051.NASL
description: An update of [rsync,linux,openssh,procmail,python2,libvirt] packages for PhotonOS has been released.
last seen: 2019-02-21
modified: 2019-02-07
plugin id: 111900
published: 2018-08-17
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=111900
title: Photon OS 2.0: Libvirt / Linux / Openssh / Procmail / Python2 / Rsync PHSA-2017-0051 (deprecated)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-CF8C62747A.NASL
description: Security fix for CVE-2017-1000158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-12-20
plugin id: 105384
published: 2017-12-20
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105384
title: Fedora 26 : python35 (2017-cf8c62747a)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1519.NASL
description: Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) CVE-2018-1060 python is vulnerable to catastrophic backtracking in pop3lib
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117712
published: 2018-09-27
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117712
title: Debian DLA-1519-1 : python2.7 security update

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2018-945.NASL
description: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow CPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) (CVE-2017-1000158)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 106690
published: 2018-02-09
reporter: This script is Copyright (C) 2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/106690
title: Amazon Linux AMI : python27 (ALAS-2018-945)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0497-1.NASL
description: This update for python3 fixes the following issues : Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6 : Security issues fixed : Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 CVE-2017-1000158: Fix an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (bsc#1068664). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-18
modified: 2020-02-27
plugin id: 134106
published: 2020-02-27
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/134106
title: SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2020:0497-1)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201805-02.NASL
description: The remote host is affected by the vulnerability described in GLSA-201805-02 (Python: Buffer overflow) A buffer overflow was discovered in Python’s PyString_DecodeEscape function in stringobject.c. Impact : Remote attackers, by enticing a user to process a specially crafted file, could execute arbitrary code. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 109534
published: 2018-05-03
reporter: This script is Copyright (C) 2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/109534
title: GLSA-201805-02 : Python: Buffer overflow

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-0768-1.NASL
description: This update for python fixes the following issues : - CVE-2017-1000158: Fixed integer overflow in the PyString_DecodeEscape function (bsc#1068664). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108578
published: 2018-03-23
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108578
title: SUSE SLES11 Security Update : python (SUSE-SU-2018:0768-1)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4307.NASL
description: Multiple security issues were discovered in Python: ElementTree failed to initialise Expat
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117838
published: 2018-10-01
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117838
title: Debian DSA-4307-1 : python3.5 - security update

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-2D441A1D98.NASL
description: Fix for CVE-2017-1000158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-12-19
plugin id: 105361
published: 2017-12-19
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105361
title: Fedora 26 : python26 (2017-2d441a1d98)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_0FE70BCD2CE346C9A64B4A7DA097DB07.NASL
description: Python issue : There is a possible integer overflow in PyString_DecodeEscape function of the file stringobject.c, which can be abused to gain a heap overflow, possibly leading to arbitrary code execution.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 106732
published: 2018-02-12
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/106732
title: FreeBSD : python -- possible integer overflow vulnerability (0fe70bcd-2ce3-46c9-a64b-4a7da097db07)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2017-1335.NASL
description: According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)(CVE-2017-1000158) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-06
modified: 2017-12-18
plugin id: 105316
published: 2017-12-18
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105316
title: EulerOS 2.0 SP2 : python (EulerOS-SA-2017-1335)

References
- https://bugs.python.org/issue30657
- http://www.securitytracker.com/id/1039890
- https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html
- https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html
- https://www.debian.org/security/2018/dsa-4307
- https://security.gentoo.org/glsa/201805-02
- https://security.netapp.com/advisory/ntap-20230216-0001/