CVE-2021-3177: buffer overflow when parsing floats
Bug #1916480 reported by
quazgar
on 2021-02-22
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | python3.6 (Ubuntu) |
Undecided
|
Unassigned | ||
| | python3.8 (Ubuntu) |
Undecided
|
Unassigned | ||
Bug Description
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.
See also https:/
Fixed in 3.6.13.
CVE References
quazgar (quazgar)
on 2021-02-22
| information type: | Private Security → Public Security |
| Leonidas S. Barbosa (leosilvab) wrote : | #1 |
| Launchpad Janitor (janitor) wrote : | #2 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in python3.6 (Ubuntu): | |
| status: | New → Confirmed |
| Changed in python3.8 (Ubuntu): | |
| status: | New → Confirmed |
Nanush (nanush7)
on 2021-02-26
| Changed in python3.8 (Ubuntu): | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
Hey there,
There is a security update on going about this issue. Soon it's well tested we will publish it.
Thanks!