ALPINE-CVE-2021-3177 PUBLISHED CVSS 9.8 CRITICAL

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

Risk Scores

CVSS v3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor        Product   Versions
Alpine:v3.21  python3   3.3.3-r0, 3.8.7-r1, 3.8.7-r0
Alpine:v3.14  python3   3.3.3-r0, 3.8.7-r1, 3.8.7-r0
Alpine:v3.22  python3   3.6.8-r1, 3.6.8-r0, 3.6.7-r0
Alpine:v3.13  python3   3.4.3-r2, 3.5.0-r0, 3.5.1-r0
Alpine:v3.18  python3   3.5.2-r2, 3.8.7-r1, 3.8.7-r0
Alpine:v3.17  python3   3.6.8-r0, 3.5.2-r9, 3.5.2-r8
Alpine:v3.12  python3   3.6.7-r0, 0, 3.1.3-r0
Alpine:v3.10  python3   0, 3.6.7-r0, 3.6.8-r0
Alpine:v3.19  python3   3.8.1-r2, 3.8.1-r1, 3.8.1-r0
Alpine:v3.11  python3   3.6.3-r6, 0, 3.1.3-r0
Alpine:v3.15  python3   3.8.7-r0, 3.5.2-r9, 3.5.2-r8
Alpine:v3.20  python3   0, 3.1.3-r0, 3.2.0-r0
Alpine:v3.23  python3   3.8.7-r1, 0, 3.1.3-r0
Alpine:v3.16  python3   3.8.7-r1, 0, 3.1.3-r0

Timeline

References
