PSF-2021-3
See a problem?- Import Source
- https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2021-3.json
- JSON Data
- https://api.osv.dev/v1/vulns/PSF-2021-3
- Aliases
- Published
- 2021-01-19T00:00:00Z
- Modified
- 2025-10-09T01:01:06.315563Z
- Summary
- ctypes: Buffer overflow in PyCArg_repr
- Details
-
Python 3.x through 3.9.1 has a buffer overflow in PyCArgrepr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to cdouble.from_param. This occurs because sprintf is used unsafely.
- Database specific
{ "cwe_ids": [] }- References
Affected packages
Git / github.com/python/cpython
Affected ranges
- Type
- GIT
- Repo
- https://github.com/python/cpython
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixedFixed
Affected versions
2.*
2.5
3.*
3.2
v0.*
v0.9.8
v0.9.9
v1.*
v1.0.1
v1.0.2
v1.1
v1.1.1
v1.2
v1.2b1
v1.2b2
v1.2b3
v1.2b4
v1.3
v1.3b1
v1.4
v1.4b1
v1.4b2
v1.4b3
v1.5
v1.5.1
v1.5.2
v1.5.2a1
v1.5.2a2
v1.5.2b1
v1.5.2b2
v1.5.2c1
v1.5a1
v1.5a2
v1.5a3
v1.5a4
v1.5b1
v1.5b2
v1.6a1
v1.6a2
v2.*
v2.0
v2.0b1
v2.0b2
v2.0c1
v2.1
v2.1a1
v2.1a2
v2.1b1
v2.1b2
v2.1c1
v2.1c2
v2.2a3
v2.3c1
v2.3c2
v2.4
v2.4a1
v2.4a2
v2.4a3
v2.4b1
v2.4b2
v2.4c1
v2.5
v2.5.1
v2.5.1c1
v2.5.2
v2.5.2c1
v2.5.3
v2.5.3c1
v2.5.4
v2.5.5
v2.5.5c1
v2.5.5c2
v2.5.6
v2.5.6c1
v2.5a0
v2.5a1
v2.5a2
v2.5b1
v2.5b2
v2.5b3
v2.5c1
v2.5c2
v2.6
v2.6.1
v2.6.2
v2.6.2c1
v2.6.3
v2.6.3rc1
v2.6.4
v2.6.4rc1
v2.6.4rc2
v2.6.5
v2.6.5rc1
v2.6.5rc2
v2.6.6
v2.6.6rc1
v2.6.6rc2
v2.6.7
v2.6.8
v2.6.8rc1
v2.6.8rc2
v2.6a1
v2.6a2
v2.6a3
v2.6b1
v2.6b2
v2.6b3
v2.6rc1
v2.6rc2
v2.7
v2.7.1
v2.7.1rc1
v2.7.2
v2.7.2rc1
v2.7.3
v2.7.3rc1
v2.7.3rc2
v2.7.4rc1
v2.7a1
v2.7a2
v2.7a3
v2.7a4
v2.7b1
v2.7b2
v2.7rc1
v2.7rc2
v3.*
v3.0a1
v3.0a2
v3.0a3
v3.0a4
v3.0a5
v3.0b1
v3.0b2
v3.0b3
v3.0rc1
v3.0rc2
v3.0rc3
v3.1
v3.1.1
v3.1.1rc1
v3.1.2
v3.1.2rc1
v3.1.3
v3.1.3rc1
v3.1.4
v3.1.4rc1
v3.1.5
v3.1.5rc1
v3.1.5rc2
v3.10.0a1
v3.10.0a2
v3.10.0a3
v3.10.0a4
v3.1a1
v3.1a2
v3.1b1
v3.1rc1
v3.1rc2
v3.2
v3.2.1
v3.2.1b1
v3.2.1rc1
v3.2.1rc2
v3.2.2
v3.2.2rc1
v3.2.3
v3.2.3rc1
v3.2.3rc2
v3.2.4
v3.2.4rc1
v3.2.5
v3.2.6
v3.2.6rc1
v3.2a1
v3.2a2
v3.2a3
v3.2a4
v3.2b1
v3.2b2
v3.2rc1
v3.2rc2
v3.2rc3
v3.3.0
v3.3.0a1
v3.3.0a2
v3.3.0a3
v3.3.0a4
v3.3.0b1
v3.3.0b2
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.3.1
v3.3.1rc1
v3.3.2
v3.3.3
v3.3.3rc1
v3.3.3rc2
v3.3.4
v3.3.4rc1
v3.3.5
v3.3.5rc1
v3.3.5rc2
v3.3.6
v3.3.6rc1
v3.4.0
v3.4.0a1
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0b1
v3.4.0b2
v3.4.0b3
v3.4.0rc1
v3.4.0rc2
v3.4.0rc3
v3.4.1
v3.4.1rc1
v3.4.2
v3.4.2rc1
v3.4.3
v3.4.3rc1
v3.4.4
v3.4.4rc1
v3.4.5
v3.4.5rc1
v3.4.6
v3.4.6rc1
v3.5.0
v3.5.0a1
v3.5.0a2
v3.5.0a3
v3.5.0a4
v3.5.0b1
v3.5.0b2
v3.5.0b3
v3.5.0b4
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.0rc4
v3.5.1
v3.5.1rc1
v3.5.2
v3.5.2rc1
v3.5.3
v3.5.3rc1
v3.6.0
v3.6.0a1
v3.6.0a2
v3.6.0a3
v3.6.0a4
v3.6.0b1
v3.6.0b2
v3.6.0b3
v3.6.0b4
v3.6.0rc1
v3.6.0rc2
v3.7.0a1
v3.7.0a2
v3.7.0a3
v3.7.0a4
v3.8.0a1
v3.8.0a2
v3.8.0a3
v3.8.0a4
v3.8.0b1
v3.9.0
v3.9.0a1
v3.9.0a2
v3.9.0a3
v3.9.0a4
v3.9.0a5
v3.9.0a6
v3.9.0b1
v3.9.0b2
v3.9.0b3
v3.9.0b4
v3.9.0b5
v3.9.0rc1
v3.9.0rc2
v3.9.1
v3.9.1rc1
Database specific
vanir_signatures
[
{
"id": "PSF-2021-3-17f12a79",
"deprecated": false,
"digest": {
"length": 1562.0,
"function_hash": "269827137431301017895595727382632663049"
},
"signature_version": "v1",
"target": {
"function": "PyCArg_repr",
"file": "Modules/_ctypes/callproc.c"
},
"signature_type": "Function",
"source": "https://github.com/python/cpython/commit/34df10a9a16b38d54421eeeaf73ec89828563be7"
},
{
"id": "PSF-2021-3-414a823a",
"deprecated": false,
"digest": {
"line_hashes": [
"146841813386207376391544739151106575058",
"177115410101835897475648867715177370573",
"111840868461359711955477609877675314317",
"226015986403830196610105287536327176841",
"31943601925906011329811716754763988048",
"141448412175307880451743445131528404578",
"275609593790839204810254834723360322300",
"274439000060089632247593199928263739312",
"135524769389693839566368965974170150700",
"317712741498745082386031959342710854388",
"26697299540539411130410480736220001623",
"304768594592273667418681871239585624348",
"292900422329381971789120624196670759921",
"165704011656638112186603239545834692512",
"97451332192505258917213782126922013472",
"289053560383778029302959544786268514706",
"116995527637165631521647199479625494405",
"295411691583054370411722165324234943415",
"56846575991751030909970629824601016780",
"43672902678765331968990633714380902085",
"73231902918649775164525547501389947192",
"289253941880028699899401458449970493129",
"339857575764264273221072918151705932455",
"60964802071021770683843993491406847455",
"185611701820738193645505357105120818545",
"230116684196061449426250341058459893329",
"183956073363697673512797377825089370185",
"165213894182692287709475957614410904106",
"153087117138467504881998010093109678835",
"336272958189833777155751381994463586012",
"88515023003675154457288159982111425455",
"323515569122014699688219750990056754571",
"120926957480894721624818958219567638374",
"152865068026187283519904214678477097331",
"201853363938744172368323877317307597138",
"149451130326082922058257660966165471847",
"54584510415640477406558181272224255039",
"186610162193189343921905041963320636080",
"71727816483796699685632006672456932734",
"105018855893142008490331121901257639792",
"46958789373456020657781330013583195902",
"304389860082079670233883513662829705424",
"150316231270823502607029984840648570980",
"259715960714011669861570758290189555595",
"182485581653190782723653040600113736141",
"311558861351614989206607298031762897717",
"3543512060219023789041215740380688825",
"252142618139230305775358507882542776070",
"284765530301044536668281425245399224229",
"41794440003891290204837731689981315442",
"203394690402959054554140979860940402739",
"21279742005836859143148446862874130603",
"230578157503353657203986442760668293710",
"121452900402306593314401201136535966727",
"190729036860954624160105981372236676778",
"292250639816293776154174441841152260538",
"319479483684745982472579626252453430927",
"302444283096374884638713801514811909869",
"325900917015924859173559724670744683977",
"249765935825797188795091084691099333740",
"311704800130922227681962531551706313826",
"287477864282436254006368596213605744343",
"220486109866259236387088942968936365337",
"78668267569125947496066005238884978044",
"252384212751535156283453659488152946980",
"48900025688027896456415923404591389632",
"114120602491450621347991926703962817643",
"67307903012137818882275495380397159503",
"89897472658675236143452021150999547654",
"167938632520342155642373227594816187385",
"200021421211481278166022177128394130694"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "Modules/_ctypes/callproc.c"
},
"signature_type": "Line",
"source": "https://github.com/python/cpython/commit/916610ef90a0d0761f08747f7b0905541f0977c7"
},
{
"id": "PSF-2021-3-44e436a1",
"deprecated": false,
"digest": {
"length": 1586.0,
"function_hash": "48699501764294426726001893517804823320"
},
"signature_version": "v1",
"target": {
"function": "PyCArg_repr",
"file": "Modules/_ctypes/callproc.c"
},
"signature_type": "Function",
"source": "https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f"
},
{
"id": "PSF-2021-3-6877e2ea",
"deprecated": false,
"digest": {
"length": 1586.0,
"function_hash": "48699501764294426726001893517804823320"
},
"signature_version": "v1",
"target": {
"function": "PyCArg_repr",
"file": "Modules/_ctypes/callproc.c"
},
"signature_type": "Function",
"source": "https://github.com/python/cpython/commit/916610ef90a0d0761f08747f7b0905541f0977c7"
},
{
"id": "PSF-2021-3-754eb5e6",
"deprecated": false,
"digest": {
"length": 1586.0,
"function_hash": "48699501764294426726001893517804823320"
},
"signature_version": "v1",
"target": {
"function": "PyCArg_repr",
"file": "Modules/_ctypes/callproc.c"
},
"signature_type": "Function",
"source": "https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932"
},
{
"id": "PSF-2021-3-7647610d",
"deprecated": false,
"digest": {
"line_hashes": [
"146841813386207376391544739151106575058",
"177115410101835897475648867715177370573",
"111840868461359711955477609877675314317",
"226015986403830196610105287536327176841",
"31943601925906011329811716754763988048",
"141448412175307880451743445131528404578",
"275609593790839204810254834723360322300",
"274439000060089632247593199928263739312",
"135524769389693839566368965974170150700",
"317712741498745082386031959342710854388",
"26697299540539411130410480736220001623",
"304768594592273667418681871239585624348",
"292900422329381971789120624196670759921",
"165704011656638112186603239545834692512",
"97451332192505258917213782126922013472",
"289053560383778029302959544786268514706",
"116995527637165631521647199479625494405",
"295411691583054370411722165324234943415",
"56846575991751030909970629824601016780",
"43672902678765331968990633714380902085",
"73231902918649775164525547501389947192",
"289253941880028699899401458449970493129",
"339857575764264273221072918151705932455",
"60964802071021770683843993491406847455",
"185611701820738193645505357105120818545",
"230116684196061449426250341058459893329",
"183956073363697673512797377825089370185",
"165213894182692287709475957614410904106",
"153087117138467504881998010093109678835",
"336272958189833777155751381994463586012",
"88515023003675154457288159982111425455",
"323515569122014699688219750990056754571",
"120926957480894721624818958219567638374",
"152865068026187283519904214678477097331",
"201853363938744172368323877317307597138",
"149451130326082922058257660966165471847",
"54584510415640477406558181272224255039",
"186610162193189343921905041963320636080",
"71727816483796699685632006672456932734",
"105018855893142008490331121901257639792",
"46958789373456020657781330013583195902",
"304389860082079670233883513662829705424",
"150316231270823502607029984840648570980",
"259715960714011669861570758290189555595",
"182485581653190782723653040600113736141",
"311558861351614989206607298031762897717",
"3543512060219023789041215740380688825",
"252142618139230305775358507882542776070",
"284765530301044536668281425245399224229",
"41794440003891290204837731689981315442",
"203394690402959054554140979860940402739",
"21279742005836859143148446862874130603",
"230578157503353657203986442760668293710",
"121452900402306593314401201136535966727",
"190729036860954624160105981372236676778",
"292250639816293776154174441841152260538",
"319479483684745982472579626252453430927",
"302444283096374884638713801514811909869",
"325900917015924859173559724670744683977",
"249765935825797188795091084691099333740",
"311704800130922227681962531551706313826",
"287477864282436254006368596213605744343",
"220486109866259236387088942968936365337",
"78668267569125947496066005238884978044",
"252384212751535156283453659488152946980",
"48900025688027896456415923404591389632",
"114120602491450621347991926703962817643",
"67307903012137818882275495380397159503",
"89897472658675236143452021150999547654",
"167938632520342155642373227594816187385",
"200021421211481278166022177128394130694"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "Modules/_ctypes/callproc.c"
},
"signature_type": "Line",
"source": "https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f"
},
{
"id": "PSF-2021-3-95972b65",
"deprecated": false,
"digest": {
"line_hashes": [
"146841813386207376391544739151106575058",
"177115410101835897475648867715177370573",
"111840868461359711955477609877675314317",
"226015986403830196610105287536327176841",
"31943601925906011329811716754763988048",
"141448412175307880451743445131528404578",
"275609593790839204810254834723360322300",
"274439000060089632247593199928263739312",
"135524769389693839566368965974170150700",
"317712741498745082386031959342710854388",
"26697299540539411130410480736220001623",
"304768594592273667418681871239585624348",
"292900422329381971789120624196670759921",
"165704011656638112186603239545834692512",
"97451332192505258917213782126922013472",
"289053560383778029302959544786268514706",
"116995527637165631521647199479625494405",
"295411691583054370411722165324234943415",
"56846575991751030909970629824601016780",
"43672902678765331968990633714380902085",
"73231902918649775164525547501389947192",
"289253941880028699899401458449970493129",
"339857575764264273221072918151705932455",
"60964802071021770683843993491406847455",
"185611701820738193645505357105120818545",
"230116684196061449426250341058459893329",
"183956073363697673512797377825089370185",
"165213894182692287709475957614410904106",
"153087117138467504881998010093109678835",
"336272958189833777155751381994463586012",
"88515023003675154457288159982111425455",
"323515569122014699688219750990056754571",
"120926957480894721624818958219567638374",
"152865068026187283519904214678477097331",
"201853363938744172368323877317307597138",
"149451130326082922058257660966165471847",
"54584510415640477406558181272224255039",
"186610162193189343921905041963320636080",
"71727816483796699685632006672456932734",
"105018855893142008490331121901257639792",
"46958789373456020657781330013583195902",
"304389860082079670233883513662829705424",
"150316231270823502607029984840648570980",
"259715960714011669861570758290189555595",
"182485581653190782723653040600113736141",
"311558861351614989206607298031762897717",
"3543512060219023789041215740380688825",
"252142618139230305775358507882542776070",
"284765530301044536668281425245399224229",
"41794440003891290204837731689981315442",
"203394690402959054554140979860940402739",
"21279742005836859143148446862874130603",
"230578157503353657203986442760668293710",
"121452900402306593314401201136535966727",
"190729036860954624160105981372236676778",
"292250639816293776154174441841152260538",
"319479483684745982472579626252453430927",
"302444283096374884638713801514811909869",
"325900917015924859173559724670744683977",
"261117755095917948414090263975732204827",
"224194853777163262730740592140033185673",
"306008721389460870867390619453688092422",
"202859736383957821759319002634597040987",
"69014757936064955291767351357113721524",
"281550148488602862043726673756884282814",
"53079054406435619761519105708372722937",
"324837742500132711471914718012600249130",
"67307903012137818882275495380397159503",
"89897472658675236143452021150999547654",
"167938632520342155642373227594816187385",
"200021421211481278166022177128394130694"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "Modules/_ctypes/callproc.c"
},
"signature_type": "Line",
"source": "https://github.com/python/cpython/commit/d9b8f138b7df3b455b54653ca59f491b4840d6fa"
},
{
"id": "PSF-2021-3-a95d5952",
"deprecated": false,
"digest": {
"line_hashes": [
"146841813386207376391544739151106575058",
"177115410101835897475648867715177370573",
"111840868461359711955477609877675314317",
"226015986403830196610105287536327176841",
"31943601925906011329811716754763988048",
"141448412175307880451743445131528404578",
"275609593790839204810254834723360322300",
"274439000060089632247593199928263739312",
"135524769389693839566368965974170150700",
"317712741498745082386031959342710854388",
"26697299540539411130410480736220001623",
"304768594592273667418681871239585624348",
"292900422329381971789120624196670759921",
"165704011656638112186603239545834692512",
"97451332192505258917213782126922013472",
"289053560383778029302959544786268514706",
"116995527637165631521647199479625494405",
"295411691583054370411722165324234943415",
"56846575991751030909970629824601016780",
"43672902678765331968990633714380902085",
"73231902918649775164525547501389947192",
"289253941880028699899401458449970493129",
"339857575764264273221072918151705932455",
"60964802071021770683843993491406847455",
"185611701820738193645505357105120818545",
"230116684196061449426250341058459893329",
"183956073363697673512797377825089370185",
"165213894182692287709475957614410904106",
"153087117138467504881998010093109678835",
"336272958189833777155751381994463586012",
"88515023003675154457288159982111425455",
"323515569122014699688219750990056754571",
"120926957480894721624818958219567638374",
"152865068026187283519904214678477097331",
"201853363938744172368323877317307597138",
"149451130326082922058257660966165471847",
"54584510415640477406558181272224255039",
"186610162193189343921905041963320636080",
"71727816483796699685632006672456932734",
"105018855893142008490331121901257639792",
"46958789373456020657781330013583195902",
"304389860082079670233883513662829705424",
"150316231270823502607029984840648570980",
"259715960714011669861570758290189555595",
"182485581653190782723653040600113736141",
"311558861351614989206607298031762897717",
"3543512060219023789041215740380688825",
"252142618139230305775358507882542776070",
"284765530301044536668281425245399224229",
"41794440003891290204837731689981315442",
"203394690402959054554140979860940402739",
"21279742005836859143148446862874130603",
"230578157503353657203986442760668293710",
"121452900402306593314401201136535966727",
"190729036860954624160105981372236676778",
"292250639816293776154174441841152260538",
"319479483684745982472579626252453430927",
"302444283096374884638713801514811909869",
"325900917015924859173559724670744683977",
"249765935825797188795091084691099333740",
"311704800130922227681962531551706313826",
"287477864282436254006368596213605744343",
"220486109866259236387088942968936365337",
"78668267569125947496066005238884978044",
"252384212751535156283453659488152946980",
"48900025688027896456415923404591389632",
"114120602491450621347991926703962817643",
"67307903012137818882275495380397159503",
"89897472658675236143452021150999547654",
"167938632520342155642373227594816187385",
"200021421211481278166022177128394130694"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "Modules/_ctypes/callproc.c"
},
"signature_type": "Line",
"source": "https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932"
},
{
"id": "PSF-2021-3-b9a83cc3",
"deprecated": false,
"digest": {
"line_hashes": [
"146841813386207376391544739151106575058",
"177115410101835897475648867715177370573",
"111840868461359711955477609877675314317",
"226015986403830196610105287536327176841",
"31943601925906011329811716754763988048",
"141448412175307880451743445131528404578",
"275609593790839204810254834723360322300",
"274439000060089632247593199928263739312",
"135524769389693839566368965974170150700",
"317712741498745082386031959342710854388",
"26697299540539411130410480736220001623",
"304768594592273667418681871239585624348",
"292900422329381971789120624196670759921",
"165704011656638112186603239545834692512",
"97451332192505258917213782126922013472",
"289053560383778029302959544786268514706",
"116995527637165631521647199479625494405",
"295411691583054370411722165324234943415",
"56846575991751030909970629824601016780",
"43672902678765331968990633714380902085",
"73231902918649775164525547501389947192",
"289253941880028699899401458449970493129",
"339857575764264273221072918151705932455",
"60964802071021770683843993491406847455",
"185611701820738193645505357105120818545",
"230116684196061449426250341058459893329",
"183956073363697673512797377825089370185",
"165213894182692287709475957614410904106",
"153087117138467504881998010093109678835",
"336272958189833777155751381994463586012",
"88515023003675154457288159982111425455",
"323515569122014699688219750990056754571",
"120926957480894721624818958219567638374",
"152865068026187283519904214678477097331",
"201853363938744172368323877317307597138",
"149451130326082922058257660966165471847",
"54584510415640477406558181272224255039",
"186610162193189343921905041963320636080",
"71727816483796699685632006672456932734",
"105018855893142008490331121901257639792",
"46958789373456020657781330013583195902",
"304389860082079670233883513662829705424",
"150316231270823502607029984840648570980",
"259715960714011669861570758290189555595",
"182485581653190782723653040600113736141",
"311558861351614989206607298031762897717",
"3543512060219023789041215740380688825",
"252142618139230305775358507882542776070",
"284765530301044536668281425245399224229",
"41794440003891290204837731689981315442",
"203394690402959054554140979860940402739",
"21279742005836859143148446862874130603",
"230578157503353657203986442760668293710",
"121452900402306593314401201136535966727",
"190729036860954624160105981372236676778",
"292250639816293776154174441841152260538",
"319479483684745982472579626252453430927",
"302444283096374884638713801514811909869",
"325900917015924859173559724670744683977",
"261117755095917948414090263975732204827",
"224194853777163262730740592140033185673",
"306008721389460870867390619453688092422",
"202859736383957821759319002634597040987",
"69014757936064955291767351357113721524",
"281550148488602862043726673756884282814",
"53079054406435619761519105708372722937",
"324837742500132711471914718012600249130",
"67307903012137818882275495380397159503",
"89897472658675236143452021150999547654",
"167938632520342155642373227594816187385",
"200021421211481278166022177128394130694"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "Modules/_ctypes/callproc.c"
},
"signature_type": "Line",
"source": "https://github.com/python/cpython/commit/34df10a9a16b38d54421eeeaf73ec89828563be7"
},
{
"id": "PSF-2021-3-daf44a5a",
"deprecated": false,
"digest": {
"length": 1562.0,
"function_hash": "269827137431301017895595727382632663049"
},
"signature_version": "v1",
"target": {
"function": "PyCArg_repr",
"file": "Modules/_ctypes/callproc.c"
},
"signature_type": "Function",
"source": "https://github.com/python/cpython/commit/d9b8f138b7df3b455b54653ca59f491b4840d6fa"
}
]