Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ga74-8ch9-a3hc
Vulnerability ID VCID-ga74-8ch9-a3hc
Aliases CVE-2021-3177
Summary Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3177.json
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3177
archlinux Medium https://security.archlinux.org/AVG-1465
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3177.json
https://api.first.org/data/v1/epss?cve=CVE-2021-3177
1918168 https://bugzilla.redhat.com/show_bug.cgi?id=1918168
ASA-202102-37 https://security.archlinux.org/ASA-202102-37
AVG-1465 https://security.archlinux.org/AVG-1465
GLSA-202101-18 https://security.gentoo.org/glsa/202101-18
RHSA-2021:1633 https://access.redhat.com/errata/RHSA-2021:1633
RHSA-2021:1761 https://access.redhat.com/errata/RHSA-2021:1761
RHSA-2021:1879 https://access.redhat.com/errata/RHSA-2021:1879
RHSA-2021:3252 https://access.redhat.com/errata/RHSA-2021:3252
RHSA-2022:5235 https://access.redhat.com/errata/RHSA-2022:5235
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3177.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.21977
EPSS Score 0.00072
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:08:36.506551+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0