FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

python -- possible integer overflow vulnerability

Affected packages
python34 < 3.4.8
python35 < 3.5.5

Details

VuXML ID: 0fe70bcd-2ce3-46c9-a64b-4a7da097db07
Discovery: 2017-06-03
Entry: 2018-02-11

Python issue:

There is a possible integer overflow in the PyString_DecodeEscape function of the file stringobject.c, which can be abused to gain a heap overflow, possibly leading to arbitrary code execution.

References

CVE Name: CVE-2017-1000158
URL: https://bugs.python.org/issue30657
URL: https://docs.python.org/3.4/whatsnew/changelog.html
URL: https://docs.python.org/3.5/whatsnew/changelog.html