ALAS2-2021-1611

Affecting python-libs package, versions <2.7.18-1.amzn2.0.3

medium severity

Overview

Affected versions of this package are vulnerable to ALAS2-2021-1611. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:

CVE-2021-3177: A flaw was found in Python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack and crash the application. The highest threat from this vulnerability is to system availability.

1918168: CVE-2021-3177 python: stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c

Remediation

Upgrade python-libs to version or higher.

References

CVE: ALAS2-2021-1611
Snyk ID: SNYK-AMZN2-PYTHONLIBS-1077178
Published: 20 Feb, 2021