Vulnerability CVE-2021-3177: Information
Description
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| python | sisyphus | 2.7.18-alt6 | 2.7.18-alt11 | ALT-PU-2021-2420-1 | 281948 | Fixed |
| python | p10 | 2.7.18-alt6 | 2.7.18-alt10 | ALT-PU-2021-2478-1 | 282117 | Fixed |
| python | c10f1 | 2.7.18-alt6 | 2.7.18-alt10 | ALT-PU-2021-2478-1 | 282117 | Fixed |
| python3 | sisyphus | 3.9.2-alt1 | 3.12.2-alt1 | ALT-PU-2021-1412-1 | 267062 | Fixed |
| python3 | p10 | 3.9.2-alt1 | 3.9.18-alt1 | ALT-PU-2021-1412-1 | 267062 | Fixed |
| python3 | p9 | 3.7.11-alt1 | 3.7.17-alt1 | ALT-PU-2021-2653-1 | 273501 | Fixed |
| python3 | c10f1 | 3.9.2-alt1 | 3.9.18-alt0.c10f1.1 | ALT-PU-2021-1412-1 | 267062 | Fixed |
| python3 | c9f2 | 3.7.17-alt1 | 3.7.17-alt1 | ALT-PU-2024-3474-2 | 342077 | Fixed |