PyString_DecodeEscape integer overflow

Check & prevent integer overflow in PyString_DecodeEscape.

You need to compile a 1 GiB Python file on 32-bit system for reproducing it. It is very unlikely that this can happen by accident, and it is hard to used it in security attack. If you can make the attacked program compiling a 1 GiB Python file, you perhaps have easier ways to make a harm.


  • Disclosure date: 2017-06-13 (Python issue bpo-30657 reported)

Fixed In

Python issue

[security] CVE-2017-1000158: Unsafe arithmetic in PyString_DecodeEscape.

  • Python issue: bpo-30657
  • Creation date: 2017-06-13
  • Reporter: Jay Bosamiya


CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)


Timeline using the disclosure date 2017-06-13 as reference: