python3: ctypes double representation BoF (CVE-2021-3177)ID: oval:org.secpod.oval:def:1801932 | Date: (C)2021-08-02 (M)2023-11-10 |
Class: PATCH | Family: unix |
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
Platform: |
Alpine Linux 3.10 |
Alpine Linux 3.11 |
Alpine Linux 3.12 |
Alpine Linux 3.13 |
Alpine Linux 3.14 |