CVE-2021-3177
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-3177
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3177.json
- Aliases
- Related
- Published
- 2021-01-19T06:15:12Z
- Modified
- 2023-12-06T01:01:12.598113Z
- Details
-
Python 3.x through 3.9.1 has a buffer overflow in PyCArgrepr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to cdouble.from_param. This occurs because sprintf is used unsafely.
- References
-
- https://bugs.python.org/issue42938
- https://security.gentoo.org/glsa/202101-18
- https://security.netapp.com/advisory/ntap-20210226-0003/
- https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
- https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html
- https://github.com/python/cpython/pull/24239
- https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/
- https://news.ycombinator.com/item?id=26185005
Affected packages
Alpine:v3.10 / python3
Package
- Name
- python3
Alpine:v3.11 / python3
Package
- Name
- python3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed3.8.2-r2
Affected versions
3.*
3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
Alpine:v3.12 / python3
Package
- Name
- python3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed3.8.5-r1
Affected versions
3.*
3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
Alpine:v3.13 / python3
Package
- Name
- python3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed3.8.7-r1
Affected versions
3.*
3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
3.8.5-r3
3.8.6-r3
Alpine:v3.14 / python3
Package
- Name
- python3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed3.8.7-r2
Affected versions
3.*
3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
3.8.5-r3
3.8.6-r3
Alpine:v3.15 / python3
Package
- Name
- python3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed3.8.7-r2
Affected versions
3.*
3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
3.8.5-r3
3.8.6-r3
Alpine:v3.16 / python3
Package
- Name
- python3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed3.8.7-r2
Affected versions
3.*
3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
3.8.5-r3
3.8.6-r3
Alpine:v3.17 / python3
Package
- Name
- python3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed3.8.7-r2
Affected versions
3.*
3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
3.8.5-r3
3.8.6-r3
Alpine:v3.18 / python3
Package
- Name
- python3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed3.8.7-r2
Affected versions
3.*
3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3
3.8.2-r3
3.8.3-r3
3.8.4-r3
3.8.5-r3
3.8.6-r3
Git / github.com/openssh/openssh-portable
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openssh/openssh-portable
- Events
-
Introduced0The exact introduced commit is unknownLast affectedLast affected
- Type
- GIT
- Repo
- https://github.com/python/cpython
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroduced
Affected versions
Other
ABOUT_TO_ADD_INET_ATON
AFTER_FREEBSD_PAM_MERGE
AFTER_KRB5_GSSAPI_MERGE
BEFORE_FREEBSD_PAM_MERGE
BEFORE_KRB5_GSSAPI_MERGE
POST_KRB4_REMOVAL
PRE-REORDER
PRE_CYGWIN_MERGE
PRE_DAN_PATCH_MERGE
PRE_FIXPATHS_INTEGRATION
PRE_HPUX_INTEGRATION
PRE_IPV6
PRE_KRB4_REMOVAL
PRE_NEW_LOGIN_CODE
PRE_SW_KRBV
V_1_2PRE17
V_1_2_1_PRE18
V_1_2_1_PRE19
V_1_2_1_PRE20
V_1_2_1_PRE21
V_1_2_1_PRE22
V_1_2_1_PRE23
V_1_2_1_PRE24
V_1_2_1_PRE25
V_1_2_1_PRE26
V_1_2_1_PRE27
V_1_2_2
V_1_2_2_P1
V_1_2_2_PRE28
V_1_2_2_PRE29
V_1_2_3
V_1_2_3_PRE1
V_1_2_3_PRE2
V_1_2_3_PRE3
V_1_2_3_PRE4
V_1_2_3_PRE5
V_1_2_3_TEST1
V_1_2_3_TEST2
V_1_2_3_TEST3
V_1_2_PRE10
V_1_2_PRE11
V_1_2_PRE12
V_1_2_PRE13
V_1_2_PRE14
V_1_2_PRE15
V_1_2_PRE16
V_1_2_PRE4
V_1_2_PRE5
V_1_2_PRE6
V_1_2_PRE7
V_1_2_PRE8
V_1_2_PRE9
V_2_0_0_BETA1
V_2_0_0_BETA2
V_2_0_0_TEST1
V_2_1_0
V_2_1_0_P1
V_2_1_0_P2
V_2_1_0_P3
V_2_1_1_P1
V_2_1_1_P2
V_2_1_1_P3
V_2_1_1_P4
V_2_2_0_P1
V_2_3_0_P1
V_2_5_0_P1
V_2_5_1_P1
V_2_5_1_P2
V_2_5_2_P1
V_3_0_1_P1
V_3_0_P1
V_3_1_P1
V_3_2_2_P1
V_3_4_P1
V_3_6_1_P1
V_3_8_P1
V_3_9_P1
v3.*
v3.8.0
v3.8.1
v3.8.1rc1
v3.8.2
v3.8.2rc1
v3.8.2rc2
v3.8.3
v3.8.3rc1
v3.8.4
v3.8.4rc1
v3.8.5
v3.8.6
v3.8.6rc1
v3.8.7
v3.8.7rc1
v3.9.0
v3.9.1
v3.9.1rc1