VulnerableCode Package Details - pkg:alpm/archlinux/python@3.9.2-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-dymx-8r2e-aaad Aliases: CVE-2021-3426	There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.	3.9.3-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-dymx-8r2e-aaad
Aliases:
CVE-2021-3426

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

3.9.3-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-gk4y-9r2y-aaar	Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.	CVE-2021-3177
VCID-y3pv-b3df-aaah	The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.	CVE-2021-23336

Vulnerability

Summary

Aliases

VCID-gk4y-9r2y-aaar

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

CVE-2021-3177

VCID-y3pv-b3df-aaah

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.

CVE-2021-23336

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:43.959521+00:00	Arch Linux Importer	Fixing	VCID-y3pv-b3df-aaah	https://security.archlinux.org/AVG-1465	36.0.0
2025-03-28T07:46:43.926673+00:00	Arch Linux Importer	Fixing	VCID-gk4y-9r2y-aaar	https://security.archlinux.org/AVG-1465	36.0.0
2025-03-28T07:46:37.418179+00:00	Arch Linux Importer	Affected by	VCID-dymx-8r2e-aaad	https://security.archlinux.org/AVG-1675	36.0.0
2024-09-18T02:02:04.752580+00:00	Arch Linux Importer	Fixing	VCID-y3pv-b3df-aaah	https://security.archlinux.org/AVG-1465	34.0.1
2024-09-18T02:02:04.726694+00:00	Arch Linux Importer	Fixing	VCID-gk4y-9r2y-aaar	https://security.archlinux.org/AVG-1465	34.0.1
2024-09-18T02:01:57.382846+00:00	Arch Linux Importer	Affected by	VCID-dymx-8r2e-aaad	https://security.archlinux.org/AVG-1675	34.0.1
2024-01-29T21:00:54.299152+00:00	Arch Linux Importer	Fixing	VCID-y3pv-b3df-aaah	https://security.archlinux.org/AVG-1465	34.0.0rc2
2024-01-29T21:00:54.276819+00:00	Arch Linux Importer	Fixing	VCID-gk4y-9r2y-aaar	https://security.archlinux.org/AVG-1465	34.0.0rc2
2024-01-03T22:28:07.304747+00:00	Arch Linux Importer	Fixing	VCID-y3pv-b3df-aaah	https://security.archlinux.org/AVG-1465	34.0.0rc1
2024-01-03T22:28:07.280813+00:00	Arch Linux Importer	Fixing	VCID-gk4y-9r2y-aaar	https://security.archlinux.org/AVG-1465	34.0.0rc1
2024-01-03T22:28:01.208731+00:00	Arch Linux Importer	Affected by	VCID-dymx-8r2e-aaad	https://security.archlinux.org/AVG-1675	34.0.0rc1