Monday, March 1, 20:08
Home security Python after pressures releases updates to deal with a vulnerability ...

Python is under pressure to release updates to address an RCE vulnerability

Python Software Foundation (PSF) released Python versions 3.9.2 and 3.8.8 to address two major security vulnerabilities, including an RCE error.

PSF urges Python users to upgrade their systems to Python 3.8.8 or 3.9.2, in particular to address the Remote Code Execution (RCE) vulnerability referred to as CVE-2021-3177.

Python

The company accelerated their circulation after receiving unexpected pressure from some users who were worried about the security flaw.

"Since the announcement of the release candidates of versions 3.9.2 and 3.8.8, we have received a series of surveys from end users that us urge to speed up final releases due to security content, especially CVE-2021-3177 ″, said Python.

Python 3.x to 3.9.1 has a buffer overflow in PyCArg_repr on ctypes / callproc.c, which can lead to remote code execution.

Affects Python applications that "accept floating-point numbers as unreliable input, as shown by argument 1e300 in c_double.from_param."

The error occurs because "sprintf" is used in an unsafe way. The impact is wide because Python is pre-installed with many Linux distributions and Windows 10.

Various Linux distributions, such as Debian, have supported security patches to ensure that embedded versions of Python are protected.

Vulnerability is a common memory defect. According to RedHat, one buffer overflow (based on stack) in the Python cyypes unit incorrectly validated the input, "which would allow an attacker to overflow a buffer on the stack and destroy application. "

While the RCE vulnerability is actually very negative, RedHat notes that “the biggest threat from this vulnerability is system availability. ” In other words, an attacker would probably be able to make a denial of service attack.

Source of information: zdnet.com

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS