ALAS2-2021-1611

Affecting python package, versions <2.7.18-1.amzn2.0.3

medium severity

Overview

Affected versions of this package are vulnerable to ALAS2-2021-1611. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:

CVE-2021-3177: A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack and crash the application. The highest threat from this vulnerability is to system availability.

1918168: CVE-2021-3177 python: stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c

Remediation

Upgrade python to version 2.7.18-1.amzn2.0.3 or higher.
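To triage hosts against the affected range stated above (versions <2.7.18-1.amzn2.0.3), the following added example, which is not part of the original advisory, compares an installed epoch:version-release string with the fixed release. It uses a simplified form of RPM's segment comparison (tilde and caret rules are not handled), and the function names are hypothetical.

```python
import re
from itertools import zip_longest

# Fixed release, taken from the advisory's "versions <2.7.18-1.amzn2.0.3" line.
FIXED_EVR = "2.7.18-1.amzn2.0.3"
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpm_vercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (no tilde/caret handling)."""
    for x, y in zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        if x is None:          # a ran out of segments first: a is older
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)   # numeric compare, so 10 > 3
        elif x.isdigit():      # a numeric segment beats an alphabetic one
            return 1
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    return 0

def split_evr(evr):
    """Split 'epoch:version-release'; a missing or '(none)' epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return (int(epoch) if epoch.isdigit() else 0), version, release

def compare_evr(a, b):
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpm_vercmp(va, vb) or rpm_vercmp(ra, rb)

def is_affected(installed_evr):
    """True when the installed python package predates the fixed release."""
    return compare_evr(installed_evr, FIXED_EVR) < 0

if __name__ == "__main__":
    # Constructed sample values, in the form printed by:
    #   rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' python
    for evr in ["(none):2.7.18-1.amzn2.0.2", "2.7.18-1.amzn2.0.3", "2.7.16-5.amzn2"]:
        print(evr, "AFFECTED" if is_affected(evr) else "ok")
```

A plain string comparison would misorder releases such as `amzn2.0.10` and `amzn2.0.3`, which is why the segments are compared numerically.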

References

CVE: ALAS2-2021-1611
Snyk ID: SNYK-AMZN2-PYTHON-1077177
Published: 20 Feb, 2021