
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-3177

Severity High
Score 9.8/10

Summary

Package cpython has a buffer overflow in `PyCArg_repr` in `_ctypes/callproc.c`, which may lead to Remote Code Execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a `1e300` argument to `c_double.from_param`. This occurs because `sprintf` is used unsafely. This affects versions 2.5.x through 2.7.18, 3.0.x through 3.5, 3.6.x through 3.6.12, 3.7.x through 3.7.9, 3.8.x through 3.8.7, 3.9.x through 3.9.1, and 3.10.x through 3.10.0a4. This issue also affects wrapped CPython for Node.js, versions 0.3.3-alpha.1 through 0.10.1.

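  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Availability Impact: HIGH
  • Scope: UNCHANGED
  • Privileges Required: NONE
  • User Interaction: NONE
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH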

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
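The unsafe `sprintf` pattern described in the summary, measured rather than triggered, in an added example that is not CPython's code or its patch. The 256-byte buffer, the format string and the helper names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REPR_BUF 256  /* assumed fixed buffer size; not stated on the page */

/* Bytes (excluding the NUL) that "%f" formatting of d would need.
 * snprintf with a NULL buffer and size 0 only measures; it writes nothing. */
int repr_needed(char tag, double d)
{
    return snprintf(NULL, 0, "<cparam '%c' (%f)>", tag, d);
}

/* 1 if an unbounded sprintf into REPR_BUF bytes would write past the end. */
int would_overflow(char tag, double d)
{
    int n = repr_needed(tag, d);
    return n < 0 || (size_t)n >= REPR_BUF;
}

/* Hardened form: bounded write, truncation reported to the caller.
 * Returns 0 on success, -1 if the output was truncated or formatting failed. */
int safe_repr(char *out, size_t outlen, char tag, double d)
{
    int n = snprintf(out, outlen, "<cparam '%c' (%f)>", tag, d);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    char buf[REPR_BUF];
    double samples[] = { 1.5, 1e300 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = safe_repr(buf, sizeof buf, 'd', samples[i]);
        printf("%g: needs %d bytes, overflow=%d, safe_repr=%d, stored=%zu\n",
               samples[i], repr_needed('d', samples[i]),
               would_overflow('d', samples[i]), rc, strlen(buf));
    }
    return 0;
}
```

`%f` prints every integer digit of the value, so `1e300` expands to 301 digits plus the fraction, which is why a small fixed buffer cannot hold it.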

Advisory Timeline

  • Published