CVE-2021-3177 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Arbitrary code execution
Description	Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1597	python2	2.7.18-2	2.7.18-3	High	Fixed	FS#68063
AVG-1465	python	3.9.1-2	3.9.2-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
25 Mar 2021	ASA-202103-27	AVG-1597	python2	High	multiple issues
27 Feb 2021	ASA-202102-37	AVG-1465	python	Medium	multiple issues

References
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html https://bugs.python.org/issue42938 https://github.com/python/cpython/pull/24239 https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932

References

https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
https://bugs.python.org/issue42938
https://github.com/python/cpython/pull/24239
https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932