CVE-2021-3177

Updated: 2023-11-07 20:22:23.359249

Description:

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.



Severity

CVSS version      Severity  Score
CVSS Version 2.x  HIGH      7.5
CVSS Version 3.x  CRITICAL  9.8

Status

OS name           Project name  Version  Score  Severity  Status          Errata                Last updated
CentOS 7 ELS      python        2.7.5    9.8    CRITICAL  Already Fixed   -                     2023-10-31 14:07:33
CentOS 7 ELS      python3       3.6.8    9.8    CRITICAL  Released        CLSA-2023:1695834624  2023-09-27 14:08:03
CentOS 8.4 ELS    python3       3.6.8    9.8    CRITICAL  Not Vulnerable  -                     2023-10-27 11:23:24
CentOS 8.4 ELS    python2       2.7.18   9.8    CRITICAL  Already Fixed   -                     2023-10-31 14:07:32
CentOS 8.5 ELS    python2       2.7.18   9.8    CRITICAL  Already Fixed   -                     2023-10-31 14:07:32
CentOS 8.5 ELS    python3       3.6.8    9.8    CRITICAL  Already Fixed   -                     2023-10-26 17:21:26
Ubuntu 18.04 ELS  python3.6     3.6.9-1  9.8    CRITICAL  Already Fixed   -                     2023-05-29 08:56:46