CVE-2021-3177 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Arbitrary code execution |
Description | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1597 | python2 | 2.7.18-2 | 2.7.18-3 | High | Fixed | FS#68063 |
AVG-1465 | python | 3.9.1-2 | 3.9.2-1 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
25 Mar 2021 | ASA-202103-27 | AVG-1597 | python2 | High | multiple issues |
27 Feb 2021 | ASA-202102-37 | AVG-1465 | python | Medium | multiple issues |