[issue30657] Unsafe arithmetic in PyString_DecodeEscape

2017-06-13 Thread Jay Bosamiya
New submission from Jay Bosamiya: In Python 2.7, there is a possible integer overflow in the PyString_DecodeEscape function of the file stringobject.c, which can be abused to gain a heap overflow, possibly leading to arbitrary code execution. The relevant parts of the code are highlighted below

[issue30657] Unsafe arithmetic in PyString_DecodeEscape

2017-06-13 Thread Jay Bosamiya
Changes by Jay Bosamiya: pull_requests: +2226. Python tracker: <http://bugs.python.org/issue30657>

[issue30657] Unsafe arithmetic in PyString_DecodeEscape

2017-06-13 Thread Jay Bosamiya
Jay Bosamiya added the comment: I've made a patch that should fix the vulnerability. Please do let me know if changes are required. Thanks a lot :) PS: For anyone who looks at this later on, in my original message describing the issue, the line `*p++ = *s++;` should be marked as (4) in