Description
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
python3.9 | fixed | 3.9.1-3 | | package |
python3.8 | removed | | | package |
python3.7 | removed | | | package |
python3.7 | fixed | 3.7.3-2+deb10u3 | buster | package |
python3.7 | no-dsa | | stretch | package |
python3.5 | removed | | | package |
python2.7 | fixed | 2.7.18-2 | | package |
Notes
https://bugs.python.org/issue42938
https://github.com/python/cpython/pull/24239
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
https://github.com/python/cpython/commit/916610ef90a0d0761f08747f7b0905541f0977c7 (master)
https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932 (3.9)
https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f (3.8)
https://github.com/python/cpython/commit/d9b8f138b7df3b455b54653ca59f491b4840d6fa (3.7)
https://github.com/python/cpython/commit/34df10a9a16b38d54421eeeaf73ec89828563be7 (3.6)