CVE-2021-3177
Published: Jan 19, 2021
Modified: Dec 18, 2025
PUBLISHED
Description
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
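The unsafe `sprintf` pattern named in the description, shown as an added C example in its bounded form (this is not CPython's code; the 256-byte buffer size, the format string and the function names are assumptions made for illustration). It measures how many bytes a `%f` rendering of a double needs and rejects output that does not fit a fixed buffer:

```c
#include <stdio.h>
#include <string.h>

#define REPR_BUF 256                    /* assumed fixed buffer size */
#define REPR_FMT "<cparam '%c' (%f)>"   /* constructed format string */

/* Length (excluding the NUL) that the formatted text requires.
   snprintf with a zero-size buffer writes nothing and returns it. */
int repr_len_needed(char tag, double value)
{
    return snprintf(NULL, 0, REPR_FMT, tag, value);
}

/* Bounded formatting: returns 0 on success, -1 when the text would not
   fit, so the caller never uses truncated or overflowing output. */
int safe_repr(char *out, size_t outsz, char tag, double value)
{
    int n = snprintf(out, outsz, REPR_FMT, tag, value);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[REPR_BUF];
    double samples[] = { 1.5, 1e300 };  /* constructed sample inputs */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int need = repr_len_needed('d', samples[i]) + 1; /* plus NUL */
        int rc = safe_repr(buf, sizeof buf, 'd', samples[i]);
        printf("value=%g needs %d bytes, buffer holds %d: %s\n",
               samples[i], need, REPR_BUF,
               rc == 0 ? buf : "rejected (would not fit)");
    }
    return 0;
}
```

`%f` prints every integer digit of the value, so the required length grows with the magnitude of the double; a fixed buffer filled by plain `sprintf` has no such check.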
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
FEDORA-2021-faf88b9499 (vendor-advisory)
FEDORA-2021-cc3ff94cfc (vendor-advisory)
GLSA-202101-18 (vendor-advisory)
FEDORA-2021-e3a5a74610 (vendor-advisory)
FEDORA-2021-ced31f3f0c (vendor-advisory)
FEDORA-2021-42ba9feb47 (vendor-advisory)
FEDORA-2021-076a2dccba (vendor-advisory)
FEDORA-2021-851c6e4e2d (vendor-advisory)
FEDORA-2021-66547ff92d (vendor-advisory)
FEDORA-2021-17668e344a (vendor-advisory)
FEDORA-2021-d5cde50865 (vendor-advisory)
FEDORA-2021-7547ad987f (vendor-advisory)
FEDORA-2021-f4fd9372c7 (vendor-advisory)
FEDORA-2021-3352c1c802 (vendor-advisory)
FEDORA-2021-907f3bacae (vendor-advisory)