Critical severity 9.8 · NVD Advisory · Published Nov 17, 2017 · Updated Jun 17, 2026
CVE-2017-1000158
Description
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow (and possible arbitrary code execution).
Affected products
76 · cpe:2.3:a:python:python:*:*:*:*:*:*:*:* + 1 more
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:* range: <2.7.15
- (no CPE) range: <=2.7.13
- osv-coords (71 versions): < 2.7.18-8.1 + 70 more
- (no CPE) range: < 2.7.18-8.1
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.2
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 3.4.10-25.39.3
- (no CPE) range: < 2.7.13-28.3.2
- (no CPE) range: < 2.7.17-7.32.1
- (no CPE) range: < 2.7.17-7.32.1
- (no CPE) range: < 2.7.17-7.32.1
- (no CPE) range: < 2.6.9-40.3.1
- (no CPE) range: < 2.7.13-28.3.2
- (no CPE) range: < 2.6.9-40.3.1
- (no CPE) range: < 2.7.13-28.3.2
- (no CPE) range: < 2.6.9-40.3.1
- (no CPE) range: < 2.7.13-28.3.2
- (no CPE) range: < 2.7.13-28.3.2
- (no CPE) range: < 2.7.13-28.3.2
- (no CPE) range: < 2.7.13-28.3.2
- (no CPE) range: < 2.7.17-7.32.2
- (no CPE) range: < 2.7.17-7.32.2
- (no CPE) range: < 2.7.17-7.32.2
- (no CPE) range: < 2.7.17-7.32.2
- (no CPE) range: < 2.7.17-7.32.2
- (no CPE) range: < 2.6.9-40.3.1
- (no CPE) range: < 2.7.13-28.3.2
- (no CPE) range: < 2.6.9-40.3.1
- (no CPE) range: < 2.7.13-28.3.2
- (no CPE) range: < 2.6.9-40.3.1
- (no CPE) range: < 2.6-8.40.3.1
- (no CPE) range: < 2.7.13-28.3.3
- (no CPE) range: < 2.6-8.40.3.1
- (no CPE) range: < 2.7.13-28.3.3
- (no CPE) range: < 2.6-8.40.3.1
References (9)
- bugs.python.org/issue30657 (nvd: Issue Tracking, Patch, Vendor Advisory)
- www.securitytracker.com/id/1039890 (nvd: Third Party Advisory, VDB Entry)
- lists.debian.org/debian-lts-announce/2017/11/msg00035.html (nvd: Mailing List, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2017/11/msg00036.html (nvd: Mailing List, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2018/09/msg00030.html (nvd: Mailing List, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2018/09/msg00031.html (nvd: Mailing List, Third Party Advisory)
- security.gentoo.org/glsa/201805-02 (nvd: Third Party Advisory)
- www.debian.org/security/2018/dsa-4307 (nvd: Third Party Advisory)
- security.netapp.com/advisory/ntap-20230216-0001/ (nvd)