Description

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

Remediation

References

CVE-2021-3177

Related Vulnerabilities

WordPress Plugin RSS Post Importer Cross-Site Scripting (2.2.1)

WordPress Plugin Securimage-WP-Fixed Cross-Site Scripting (3.5.4)

WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Request Forgery (1.7.8)

b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5480)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Multiple Vulnerabilities (4.0.3)

Severity

Critical

Classification

CVE-2021-3177 CWE-120 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities