LLeo Famulari wrote on 19 Feb 2021 04:21
(address . firstname.lastname@example.org)
Quoting from MITRE:
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution in certain
Python applications that accept floating-point numbers as untrusted
input, as demonstrated by a 1e300 argument to c_double.from_param. This
occurs because sprintf is used unsafely.
There is not yet an upstream release to fix the issue in the 3.8 series
that we distribute. I believe there are patches we can cherry-pick. Can
somebody find them?
I assume that Python is considered to be "graft-able". Can anyone
The upstream bug report: