CVE-2021-3177

Home/CVE/Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execu

CVE

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execu

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

CRITICAL · CVSS 9.8 EPSS 0.00072

Act now

Public exploit or PoC is available
SSVC automatable: yes - attacks can be scripted at scale
CVSS base score ≥ 7.0

Sigma rules8 YARA rules0

⬡

Weakness Classification

CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

▤

Affected Products & Versions

13

python>= 3.6.0 and <= 3.6.12
python>= 3.7.0 and <= 3.7.9
python>= 3.8.0 and <= 3.8.7
python>= 3.9.0 and <= 3.9.1
fedoraproject fedoraall versions
netapp active iq unified managerall versions
netapp ontap select deploy administration utilityall versions
debian linuxall versions
Show all 13 affected productsoracle communications cloud native core network function cloud native environmentall versions
oracle communications offline mediation controllerall versions
oracle communications pricing design centerall versions
oracle enterprise manager ops centerall versions
oracle zfs storage appliance kitall versions

⚠

Public Exploits & PoCs

1

pocbugs.python.org · issue42938bugs.python.org

◈

Sigma Hunt Rules

8

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

producthighPython Reverse Shell Execution Via PTY And Socket Modules

producthighInline Python Execution - Spawn Shell Via OS System Library

producthighPython One-Liners with Base64 Decoding - Linux

producthighPython Function Execution Security Warning Disabled In Excel

producthighPython One-Liners with Base64 Decoding

producthighPython Spawning Pretty TTY on Windows

Show all 8 top matches

producthighCredential Dumping Activity By Python Based Tool

producthighPython Function Execution Security Warning Disabled In Excel - Registry

▣

Scoring & Timeline

9.8

CRITICAL · CVSS v3.1 · cve@mitre.org

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD19 Jan 2021 · 06:15 AM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC triage · cisa-vulnrichment

Exploitation

poc

Automatable

yes

Technical impact

total

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

30

suse-csafopenSUSE-SU-2025:15713-1
suse-csafopenSUSE-SU-2024:14434-1
usnUSN-6891-1
suse-csafopenSUSE-SU-2024:14109-1
suse-csafopenSUSE-SU-2024:11202-1
Show all 30 vendor advisoriessuse-csafopenSUSE-SU-2024:11283-1
suse-csafopenSUSE-SU-2024:11284-1
suse-csafopenSUSE-SU-2024:11285-1
suse-csafopenSUSE-SU-2024:11286-1
suse-csafopenSUSE-SU-2024:12089-1
suse-csafopenSUSE-SU-2024:12910-1
siemens-csafSSA-398330
usnUSN-4754-5
rhsaRHSA-2021:3254Moderate
rhsaRHSA-2021:3252Moderate
usnUSN-4754-3
usnUSN-4754-4
usnUSN-4754-1
suse-csafopenSUSE-SU-2021:0331-1
suse-csafSUSE-SU-2021:0529-1
rhsaRHSA-2021:1633Moderate
suse-csafSUSE-SU-2021:0432-1
suse-csafopenSUSE-SU-2021:0270-1
suse-csafSUSE-SU-2021:0428-1
suse-csafSUSE-SU-2021:0355-1
msrcCVE-2021-3177
rhsaRHSA-2022:5235Moderate
rhsaRHSA-2021:1879Moderate
rhsaRHSA-2021:1761Moderate
oracle-cpuoracle-cpu-Enterprise-Manager-Ops-Center-9835--CVE-2021-3177