Friday, September 24, 2021

Python release quick updates to Fix remote code vulnerabilities

Must Read

DuckDuckGo passes 100M daily search queries for the first time in 12 years

DuckDuckGo reaches a historic milestone in a week when both Signal and Telegram saw a huge influx of new...

What is a Cyber Attack

A Cyberattack is an attack against a computer system, network infrastructure, and personal system using one or more computers...

Months after cyber-attack, Stolen Data from London Council Published Online By hackers

The Information that was stolen has been published on the darknet.Sensitive data stolen from Hackney Council in the UK...

The Python Software Foundation (PSF) has rapidly launched Python 3.9.2 and 3.8.8 to address two significant security breaches, including one that is exploited remotely but with active terms that can only be used to hack an offline machine.

The PSF urges its Python users legion to upgrade to Python 3.8.8 or 3.9.2 systems, mainly to deal with remote code (RCE) vulnerabilities followed as CVE-2021-3177.

The project expedited the release after receiving unexpected pressure from other users concerned about the security flaw.

“Since the announcement of the release of 3.9.2 to 3.8.8, we have received many questions from end users who urge us to speed up the final release due to security content, especially CVE-2021-3177,” Python said to release the group.

“This came as a surprise to us because we believed that the content of the security was selected by the lower distributors and the source in any way, and the release of the RC provides for those who are interested in development at the moment,” the PSF said.

“It turns out that the release option is not publicly visible and in most cases cannot be used due to improved processes that users use.”

Python 3.x to 3.9.1 has an overflowing buffer in PyCArg_repr at ctypes / callproc.c, which can lead to remote code usage.

It affects Python programs “that accept floating point numbers as unreliable inputs, as indicated by 1e300 dispute in c_double.from_param.”

The bug occurs because “sprintf” is used unsafely. The impact is vast because Python has been pre-installed while still distributing most of Linux and Windows 10.

Various Linux distributions, such as Debian, have been backed up with security clips to ensure that built-in Python versions are protected.

Vulnerability in python is a standard memory error. According to RedHat, the stack-based buffer overflows with Python’s ctypes module to improperly secure the transmission, “which would allow the attacker to overflow the stack and crash the system.”

While the risk of remote coding is terrible news, RedHat notes that “the highest threat to this system is access to the system.” In other words, the attacker will probably be able to pull off a denial of the app attack.

“Our understanding is that while the CVE is listed as a” remote control code, “the exploitation of this risk is not possible due to the following conditions that need to meet a successful RCE,” the PSF said.

“Certainly, the denial of services using harmful inputs is also a major problem. Therefore, to help members of the community who participated in the by-elections, we are releasing the final versions of 3.9.2 and 3.8.8 today,” the organization added.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

Apple Releases patches for an actively exploited zero-day flaw in ios, macOS

Apple on Monday Release an urgent security patch for iOS,macOS, iPadOS, to address a zero-day flaw that has been actively exploited.Apple has revealed that...

More Articles Like This