CVE-2021-3177
19.01.2021, 06:15
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
Vendor | Product | Version |
---|---|---|
python | python | 3.6.0 ≤ 𝑥 ≤ 3.6.12 |
python | python | 3.7.0 ≤ 𝑥 ≤ 3.7.9 |
python | python | 3.8.0 ≤ 𝑥 ≤ 3.8.7 |
python | python | 3.9.0 ≤ 𝑥 ≤ 3.9.1 |
netapp | active_iq_unified_manager | - |
netapp | active_iq_unified_manager | - |
netapp | ontap_select_deploy_administration_utility | - |
debian | debian_linux | 9.0 |
oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.2.0 |
oracle | communications_offline_mediation_controller | 12.0.0.3.0 |
oracle | communications_pricing_design_center | 12.0.0.3.0 |
oracle | enterprise_manager_ops_center | 12.4.0.0 |
oracle | zfs_storage_appliance_kit | 8.8 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
python2.7 |
| ||||||||||||||||||||||||
python3.4 |
| ||||||||||||||||||||||||
python3.5 |
| ||||||||||||||||||||||||
python3.6 |
| ||||||||||||||||||||||||
python3.7 |
| ||||||||||||||||||||||||
python3.8 |
| ||||||||||||||||||||||||
python3.9 |
|
References