Date: 2021-02-22

Python 3.9.1 and 3.8.8 have been rushed out by the Python Software Foundation in response to two security flaws. One of the two flaws is remotely exploitable, but only threatens to knock a machine offline. This remote code execution vulnerability is being tracked as CVE-2021-3177. The new releases came after customers raised concerns about the security flaws. Many customers cannot see the release candidates for the upgraded versions and wanted the release of the software to be expedited.

A buffer overflow in `PyCArg_repr` in `ctypes/callproc.c` may lead to remote code execution in Python 3.x through 3.9.1. The security flaw affects Python applications that accept floating-point numbers as untrusted input. The bug occurs because `sprintf` is used unsafely. Red Hat has noted that attackers are most likely only able to mount a denial-of-service attack with the remote code execution vulnerability, taking the system offline.
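The unsafe `sprintf` pattern described above, shown as an added example (not CPython's code and not from the original article): it measures, without writing anything, how many bytes a `%f` conversion needs for a large double, and pairs that with a bounded alternative. The 256-byte buffer, the format string and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed for illustration: a fixed 256-byte buffer and a "%f"-style format,
   standing in for the unsafe sprintf pattern the article describes. */
#define REPR_BUF_SIZE 256
#define REPR_FMT "<cparam '%c' (%f)>"

/* Bytes (including the NUL) an unbounded sprintf would write for this value.
   snprintf(NULL, 0, ...) only measures; nothing is written anywhere. */
size_t repr_bytes_needed(char tag, double value)
{
    int n = snprintf(NULL, 0, REPR_FMT, tag, value);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Would sprintf into a REPR_BUF_SIZE-byte buffer run past its end? */
int unbounded_sprintf_would_overflow(char tag, double value)
{
    return repr_bytes_needed(tag, value) > REPR_BUF_SIZE;
}

/* One way to harden the pattern (not the fix CPython shipped): a bounded
   write, a conversion with bounded width (%e), and truncation reported to
   the caller. Returns 0 on success, -1 on error or truncation. */
int safe_repr(char *out, size_t out_size, char tag, double value)
{
    int n = snprintf(out, out_size, "<cparam '%c' (%e)>", tag, value);
    if (n < 0 || (size_t)n >= out_size)
        return -1;
    return 0;
}

int main(void)
{
    double samples[] = { 1.5, 1e10, 1e300 };  /* constructed sample inputs */
    char buf[REPR_BUF_SIZE];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%g: sprintf needs %zu bytes, overflow=%d\n", samples[i],
               repr_bytes_needed('d', samples[i]),
               unbounded_sprintf_would_overflow('d', samples[i]));
        if (safe_repr(buf, sizeof buf, 'd', samples[i]) == 0)
            printf("  bounded form: %s\n", buf);
    }
    return 0;
}
```

`%f` prints every integer digit of a double, so a value near the top of the double range needs several hundred bytes, which is why the length of the output depends on untrusted input rather than on the format string alone.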

