{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3177","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-12-18T15:03:34.545Z","dateReserved":"2021-01-19T00:00:00.000Z","datePublished":"2021-01-19T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-05-24T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://bugs.python.org/issue42938"},{"url":"https://github.com/python/cpython/pull/24239"},{"url":"https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html"},{"name":"FEDORA-2021-faf88b9499","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/"},{"name":"FEDORA-2021-cc3ff94cfc","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/"},{"name":"GLSA-202101-18","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202101-18"},{"name":"FEDORA-2021-e3a5a74610","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/"},{"name":"FEDORA-2021-ced31f3f0c","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/"},{"name":"FEDORA-2021-42ba9feb47","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/"},{"name":"FEDORA-2021-076a2dccba","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/"},{"name":"FEDORA-2021-851c6e4e2d","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/"},{"name":"FEDORA-2021-66547ff92d","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/"},{"name":"FEDORA-2021-17668e344a","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/"},{"name":"FEDORA-2021-d5cde50865","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/"},{"name":"FEDORA-2021-7547ad987f","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/"},{"name":"FEDORA-2021-f4fd9372c7","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/"},{"name":"FEDORA-2021-3352c1c802","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/"},{"name":"[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"},{"name":"FEDORA-2021-907f3bacae","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/"},{"name":"[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"url":"https://news.ycombinator.com/item?id=26185005"},{"url":"https://security.netapp.com/advisory/ntap-20210226-0003/"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"name":"[debian-lts-announce] 20220212 [SECURITY] [DLA 2919-1] python2.7 security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"name":"[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T16:45:51.394Z"},"title":"CVE Program Container","references":[{"url":"https://bugs.python.org/issue42938","tags":["x_transferred"]},{"url":"https://github.com/python/cpython/pull/24239","tags":["x_transferred"]},{"url":"https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html","tags":["x_transferred"]},{"name":"FEDORA-2021-faf88b9499","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/"},{"name":"FEDORA-2021-cc3ff94cfc","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/"},{"name":"GLSA-202101-18","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202101-18"},{"name":"FEDORA-2021-e3a5a74610","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/"},{"name":"FEDORA-2021-ced31f3f0c","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/"},{"name":"FEDORA-2021-42ba9feb47","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/"},{"name":"FEDORA-2021-076a2dccba","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/"},{"name":"FEDORA-2021-851c6e4e2d","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/"},{"name":"FEDORA-2021-66547ff92d","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/"},{"name":"FEDORA-2021-17668e344a","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/"},{"name":"FEDORA-2021-d5cde50865","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/"},{"name":"FEDORA-2021-7547ad987f","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/"},{"name":"FEDORA-2021-f4fd9372c7","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/"},{"name":"FEDORA-2021-3352c1c802","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/"},{"name":"[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"},{"name":"FEDORA-2021-907f3bacae","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/"},{"name":"[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","tags":["x_transferred"]},{"url":"https://news.ycombinator.com/item?id=26185005","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20210226-0003/","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","tags":["x_transferred"]},{"name":"[debian-lts-announce] 20220212 [SECURITY] [DLA 2919-1] python2.7 security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","tags":["x_transferred"]},{"name":"[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-120","lang":"en","description":"CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-12-18T15:03:29.016940Z","id":"CVE-2021-3177","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-18T15:03:34.545Z"}}]}}