[issue30657] [security] CVE-2017-1000158: Unsafe arithmetic in PyString_DecodeEscape
Serhiy Storchaka
report at bugs.python.org
Wed Nov 29 12:03:20 EST 2017
Serhiy Storchaka <storchaka+cpython at gmail.com> added the comment:
I don't think it is worth to add this vulnerability to the python-security website. You need to compile a 1 GiB Python file on 32-bit system for reproducing it. It is very unlikely that this can happen by accident, and it is hard to used it in security attack. If you can make the attacked program compiling a 1 GiB Python file, you perhaps have easier ways to make a harm.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue30657>
_______________________________________
More information about the Python-bugs-list
mailing list