*** This bug is a security vulnerability *** Public security bug reported:
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. See also https://ubuntu.com/security/CVE-2021-3177. Fixed in 3.6.13. ** Affects: python3.6 (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1916480 Title: CVE-2021-3177: buffer overflow when parsing floats To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python3.6/+bug/1916480/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
