9.8
CVE-2021-3177
- EPSS 0.03%
- Published 19.01.2021 06:15:12
- Last modified 21.11.2024 06:21:03
- Source cve@mitre.org
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version 32
Fedoraproject ≫ Fedora Version 33
Netapp ≫ Active Iq Unified Manager Version - SwPlatform vmware_vsphere
Netapp ≫ Active Iq Unified Manager Version - SwPlatform windows
Netapp ≫ Ontap Select Deploy Administration Utility Version -
Debian ≫ Debian Linux Version 9.0
Oracle ≫ Communications Offline Mediation Controller Version 12.0.0.3.0
Oracle ≫ Communications Pricing Design Center Version 12.0.0.3.0
Oracle ≫ Enterprise Manager Ops Center Version 12.4.0.0
Oracle ≫ Zfs Storage Appliance Kit Version 8.8
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.03% | 0.081 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.