First published: Tue Jan 19 2021
Python is vulnerable to a buffer overflow, caused by improper bounds checking by the `PyCArg_repr` function in `_ctypes/callproc.c`. By sending specially-crafted arguments to `c_double.from_param`, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/python | <0:2.7.5-92.el7_9 | 0:2.7.5-92.el7_9 |
| redhat/python3 | <0:3.6.8-37.el8 | 0:3.6.8-37.el8 |
| redhat/python27-babel | <0:0.9.6-10.el7 | 0:0.9.6-10.el7 |
| redhat/python27-python | <0:2.7.18-3.el7 | 0:2.7.18-3.el7 |
| redhat/python27-python-jinja2 | <0:2.6-16.el7 | 0:2.6-16.el7 |
| redhat/python27-python-pygments | <0:1.5-5.el7 | 0:1.5-5.el7 |
| redhat/rh-python38-babel | <0:2.7.0-12.el7 | 0:2.7.0-12.el7 |
| redhat/rh-python38-python | <0:3.8.11-2.el7 | 0:3.8.11-2.el7 |
| redhat/rh-python38-python-cryptography | <0:2.8-5.el7 | 0:2.8-5.el7 |
| redhat/rh-python38-python-jinja2 | <0:2.10.3-6.el7 | 0:2.10.3-6.el7 |
| redhat/rh-python38-python-lxml | <0:4.4.1-7.el7 | 0:4.4.1-7.el7 |
| redhat/rh-python38-python-pip | <0:19.3.1-2.el7 | 0:19.3.1-2.el7 |
| redhat/rh-python38-python-urllib3 | <0:1.25.7-7.el7 | 0:1.25.7-7.el7 |
| debian/python2.7 | <=2.7.16-2+deb10u1 | 2.7.16-2+deb10u4 2.7.18-8+deb11u1 |
| debian/python3.7 | 3.7.3-2+deb10u3 3.7.3-2+deb10u7 | |
| debian/python3.9 | 3.9.2-1 | |
| ubuntu/python2.7 | <2.7.17-1~18.04ubuntu1.6 | 2.7.17-1~18.04ubuntu1.6 |
| ubuntu/python2.7 | <2.7.18-1~20.04.1 | 2.7.18-1~20.04.1 |
| ubuntu/python2.7 | <2.7.6-8ubuntu0.6+ | 2.7.6-8ubuntu0.6+ |
| ubuntu/python2.7 | <2.7.12-1ubuntu0~16.04.18 | 2.7.12-1ubuntu0~16.04.18 |
| ubuntu/python3.4 | <3.4.3-1ubuntu1~14.04.7+ | 3.4.3-1ubuntu1~14.04.7+ |
| ubuntu/python3.5 | <3.5.2-2ubuntu0~16.04.13 | 3.5.2-2ubuntu0~16.04.13 |
| ubuntu/python3.6 | <3.6.9-1~18.04ubuntu1.4 | 3.6.9-1~18.04ubuntu1.4 |
| ubuntu/python3.7 | <3.7.5-2~18.04.4 | 3.7.5-2~18.04.4 |
| ubuntu/python3.8 | <3.8.0-3~18.04.1 | 3.8.0-3~18.04.1 |
| ubuntu/python3.8 | <3.8.5-1~20.04.2 | 3.8.5-1~20.04.2 |
| ubuntu/python3.8 | <3.8.6-1ubuntu0.2 | 3.8.6-1ubuntu0.2 |
| ubuntu/python3.9 | <3.9.5-3~20.04.1 | 3.9.5-3~20.04.1 |
| ubuntu/python3.9 | <3.9.5-3~20.10.1 | 3.9.5-3~20.10.1 |
| ubuntu/python3.9 | <3.9.1-3 | 3.9.1-3 |
| Python Python | >=3.6.0 <=3.6.12 | |
| Python Python | >=3.7.0 <=3.7.9 | |
| Python Python | >=3.8.0 <=3.8.7 | |
| Python Python | >=3.9.0 <=3.9.1 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | | |
| Netapp Active Iq Unified Manager Windows | | |
| NetApp ONTAP Select Deploy administration utility | | |
| Debian Debian Linux | =9.0 | |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =22.2.0 | |
| Oracle Communications Offline Mediation Controller | =12.0.0.3.0 | |
| Oracle Communications Pricing Design Center | =12.0.0.3.0 | |
| Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
| Oracle ZFS Storage Appliance Kit | =8.8 | |
CVE-2021-3177 is a vulnerability in Python that allows an attacker to overflow a buffer on the stack and potentially execute arbitrary code.
The severity of CVE-2021-3177 is critical with a CVSS score of 9.8.
Python versions 2.7.0 to 2.7.18, 3.6.0 to 3.6.12, 3.7.0 to 3.7.9, 3.8.0 to 3.8.7, and 3.9.0 to 3.9.1 are affected by CVE-2021-3177.
To fix CVE-2021-3177, upgrade to Python versions 2.7.19, 3.6.13, 3.7.10, 3.8.8, or 3.9.2 or later.
More information about CVE-2021-3177 is available at the following references: [Link 1](https://bugs.python.org/issue42938), [Link 2](https://github.com/python/cpython/pull/24239), [Link 3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1918175).
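The defect class described in this advisory is a fixed-size buffer written by an unbounded formatting call, where the text form of a `double` can be far longer than the buffer. The following C example is added here for illustration and is not CPython's code or its upstream patch: the format string `<cparam 'd' (%f)>`, the 256-byte buffer size and the function names `format_double_repr` and `repr_length` are assumptions. It shows the bounded pattern that prevents this kind of overflow: `snprintf` with the buffer capacity, a check of its return value to detect truncation, and a length query that lets a caller size a buffer instead of guessing one.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Fixed on-stack buffer size used by this example (an assumption for
 * illustration; the real CPython buffer size is not stated on this page). */
#define REPR_BUF_SIZE 256

/* Unbounded pattern, shown only as a comment and never executed here:
 *     char buf[REPR_BUF_SIZE];
 *     sprintf(buf, "<cparam 'd' (%f)>", value);
 * "%f" emits every integer digit of the value, so a double of large
 * magnitude expands to hundreds of characters and runs past the end of
 * buf. sprintf has no idea how big buf is. */

/* Hardened form: snprintf writes at most cap bytes (NUL included) and
 * returns the length the complete output would have needed. Returns true
 * when the whole repr fit; returns false and leaves buf empty when it was
 * truncated, so callers never hand out a silently cut-off string. */
bool format_double_repr(char *buf, size_t cap, double value) {
    if (buf == NULL || cap == 0) {
        return false;
    }
    int needed = snprintf(buf, cap, "<cparam 'd' (%f)>", value);
    if (needed < 0 || (size_t)needed >= cap) {
        buf[0] = '\0';   /* output did not fit: refuse rather than truncate */
        return false;
    }
    return true;
}

/* Number of bytes (excluding the NUL) the repr of `value` needs.
 * snprintf with a NULL buffer and zero size only measures, never writes,
 * so a caller can allocate exactly repr_length(v) + 1 bytes on the heap. */
size_t repr_length(double value) {
    int n = snprintf(NULL, 0, "<cparam 'd' (%f)>", value);
    return n < 0 ? 0 : (size_t)n;
}

int main(void) {
    char buf[REPR_BUF_SIZE];

    /* Ordinary value: fits comfortably. */
    bool ok_small = format_double_repr(buf, sizeof buf, 3.5);
    printf("fit=%d repr=%s\n", ok_small, buf);

    /* Large-magnitude value: the bounded call reports that it does not fit
     * instead of writing past the buffer. */
    bool ok_huge = format_double_repr(buf, sizeof buf, 1e300);
    printf("fit=%d needed=%zu bytes, have %zu\n",
           ok_huge, repr_length(1e300), sizeof buf);
    return 0;
}
```

The check `(size_t)needed >= cap` is the part most often forgotten: `snprintf` alone stops the memory corruption, but without inspecting its return value the caller still gets a truncated repr and never learns that the buffer was too small.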