QSearchQSearch

CVE-2021-3177

9.8 CRITICAL

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain P...

Published: 2021-01-19 · Last updated: 2026-06-17

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-120

Affected products

VendorProduct
debianactive_iq_unified_manager, communications_cloud_native_core_network_function_cloud_native_environment, communications_offline_mediation_controller
fedoraprojectactive_iq_unified_manager, communications_cloud_native_core_network_function_cloud_native_environment, communications_offline_mediation_controller
netappactive_iq_unified_manager, communications_cloud_native_core_network_function_cloud_native_environment, communications_offline_mediation_controller
oracleactive_iq_unified_manager, communications_cloud_native_core_network_function_cloud_native_environment, communications_offline_mediation_controller
pythonactive_iq_unified_manager, communications_cloud_native_core_network_function_cloud_native_environment, communications_offline_mediation_controller

Description

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-35273 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) (9.8 CRITICAL)
  • CVE-2026-49975 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
  • CVE-2026-46843 Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
  • CVE-2026-46842 Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
  • CVE-2026-46841 Vulnerability in Oracle REST Data Services (component: General) (5.3 MEDIUM)

Same CWE

  • CVE-2026-12328 Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151 (8.1 HIGH)
  • CVE-2026-12192 A vulnerability was determined in GALAYOU Y4 1.0.0 (8.8 HIGH)
  • CVE-2026-36818 Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter... (7.5 HIGH)
  • CVE-2026-36817 Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo paramet... (7.5 HIGH)
  • CVE-2026-36816 Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo paramete... (7.5 HIGH)