Description
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c. The function builds the repr of a ctypes call argument with sprintf into a fixed-size 256-byte stack buffer, and for the c_double and c_float tags it uses the %f conversion, whose output length grows with the magnitude of the value rather than being bounded. A value such as 1e300 expands to more than 300 digits before the decimal point, so formatting it writes well past the end of the buffer and corrupts the stack. This may lead to remote code execution in Python applications that accept floating-point numbers from untrusted input and pass them through ctypes, as demonstrated by calling c_double.from_param(1e300) and then taking the repr of the resulting object (for example in a log message or an error path). The root cause is the unsafe use of sprintf with an unbounded conversion into a fixed buffer.
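The following C program, added here as an editor's example rather than code from CPython, reproduces the length arithmetic behind the overflow without actually smashing the stack. It measures how many bytes the "%f"-based repr would need for a given c_double value, reports whether that exceeds the 256-byte stack buffer used by the vulnerable PyCArg_repr, and shows a bounded snprintf variant that refuses to truncate silently. The format string "<cparam 'd' (%f)>" mirrors the shape of the original repr; the function names and the REPR_BUF constant are this example's own, and the hardened variant is one possible fix, not the upstream patch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Size of the fixed stack buffer in the vulnerable PyCArg_repr (assumption
 * documented in the description above: a 256-byte char array). */
#define REPR_BUF 256

/* Number of bytes (excluding the terminating NUL) that a "%f"-based repr of a
 * c_double value would produce. snprintf with a NULL buffer only counts. */
size_t cparam_double_repr_len(double v)
{
    int n = snprintf(NULL, 0, "<cparam 'd' (%f)>", v);
    return n < 0 ? 0 : (size_t)n;
}

/* Would the original unbounded sprintf into a REPR_BUF-byte buffer overflow
 * for this value? (+1 accounts for the NUL that sprintf always appends.) */
bool cparam_double_overflows(double v)
{
    return cparam_double_repr_len(v) + 1 > REPR_BUF;
}

/* Hardened variant: bounded write. Returns true only if the complete repr fit
 * in out[]; on truncation the caller gets false and can fall back to a
 * heap-allocated or "%g"-style representation instead of trusting out[]. */
bool cparam_double_repr_safe(double v, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "<cparam 'd' (%f)>", v);
    return n >= 0 && (size_t)n < outlen;
}

int main(void)
{
    /* Constructed sample inputs: a benign value and the 1e300 trigger. */
    const double samples[] = { 1.5, 3.0e38, 1e300 };
    char buf[REPR_BUF];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double v = samples[i];
        size_t need = cparam_double_repr_len(v);
        bool fit = cparam_double_repr_safe(v, buf, sizeof buf);
        printf("%-8g needs %3zu bytes: sprintf into %d-byte buffer %s; "
               "snprintf %s\n",
               v, need, REPR_BUF,
               cparam_double_overflows(v) ? "OVERFLOWS" : "is safe",
               fit ? "fit" : "reported truncation");
    }
    return 0;
}
```

Run it and the 1e300 row shows a required length above 300 bytes against a 256-byte buffer, which is the write past the end of the stack array that the description refers to. On an unpatched interpreter the same condition is reached from Python with repr(ctypes.c_double.from_param(1e300)); the point of the bounded variant is that a caller can detect the oversized case and handle it rather than letting the C library write past the buffer.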
Remediation
Upgrade to a Python release in which the ctypes argument repr no longer formats floating-point values into a fixed-size stack buffer (3.9.2, 3.8.8, 3.7.10 and 3.6.13 or later). Until then, do not pass untrusted floating-point input through ctypes objects whose repr may be computed, for example by logging or string-formatting the resulting argument objects.
References