First published: Tue Jan 19 2021
A flaw was found in Python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack and crash the application. The highest threat from this vulnerability is to system availability.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python | <0:2.7.5-92.el7_9 | 0:2.7.5-92.el7_9 |
redhat/python3 | <0:3.6.8-37.el8 | 0:3.6.8-37.el8 |
redhat/python27-babel | <0:0.9.6-10.el7 | 0:0.9.6-10.el7 |
redhat/python27-python | <0:2.7.18-3.el7 | 0:2.7.18-3.el7 |
redhat/python27-python-jinja2 | <0:2.6-16.el7 | 0:2.6-16.el7 |
redhat/python27-python-pygments | <0:1.5-5.el7 | 0:1.5-5.el7 |
redhat/rh-python38-babel | <0:2.7.0-12.el7 | 0:2.7.0-12.el7 |
redhat/rh-python38-python | <0:3.8.11-2.el7 | 0:3.8.11-2.el7 |
redhat/rh-python38-python-cryptography | <0:2.8-5.el7 | 0:2.8-5.el7 |
redhat/rh-python38-python-jinja2 | <0:2.10.3-6.el7 | 0:2.10.3-6.el7 |
redhat/rh-python38-python-lxml | <0:4.4.1-7.el7 | 0:4.4.1-7.el7 |
redhat/rh-python38-python-pip | <0:19.3.1-2.el7 | 0:19.3.1-2.el7 |
redhat/rh-python38-python-urllib3 | <0:1.25.7-7.el7 | 0:1.25.7-7.el7 |
Python Python | >=3.6.0, <=3.6.12 | |
Python Python | >=3.7.0, <=3.7.9 | |
Python Python | >=3.8.0, <=3.8.7 | |
Python Python | >=3.9.0, <=3.9.1 | |
Fedoraproject Fedora | =32 | |
Fedoraproject Fedora | =33 | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
Netapp Active Iq Unified Manager Windows | | |
NetApp ONTAP Select Deploy administration utility | | |
Debian Debian Linux | =9.0 | |
Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =22.2.0 | |
Oracle Communications Offline Mediation Controller | =12.0.0.3.0 | |
Oracle Communications Pricing Design Center | =12.0.0.3.0 | |
Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
Oracle ZFS Storage Appliance Kit | =8.8 | |
debian/python2.7 | 2.7.18-8+deb11u1 | |
debian/python3.9 | 3.9.2-1 3.9.2-1+deb11u2 |
CVE-2021-3177 is a vulnerability in Python that allows an attacker to overflow a buffer on the stack and potentially execute arbitrary code.
The severity of CVE-2021-3177 is critical with a CVSS score of 9.8.
Python versions 2.7.0 to 2.7.18, 3.6.0 to 3.6.12, 3.7.0 to 3.7.9, 3.8.0 to 3.8.7, and 3.9.0 to 3.9.1 are affected by CVE-2021-3177.
To fix CVE-2021-3177, upgrade to Python versions 2.7.19, 3.6.13, 3.7.10, 3.8.8, or 3.9.2 or later.
More information about CVE-2021-3177 is available at the following references: [Python bug tracker issue 42938](https://bugs.python.org/issue42938), [CPython pull request 24239](https://github.com/python/cpython/pull/24239), [Red Hat Bugzilla 1918175](https://bugzilla.redhat.com/show_bug.cgi?id=1918175).