Python Software Foundation tackles remote code vulnerability with new update

The Python Software Foundation (PSF) rushed out Python 3.9.2 and 3.8.8 to address major security flaws. Of the two notable flaws, one can be exploited remotely to knock a machine offline.

PSF is also asking users to upgrade their systems to address the remote code execution (RCE) vulnerability. The vulnerability is tracked as CVE-2021-3177 and is fixed in Python 3.8.8 and 3.9.2.

The Python release team said that the 3.9.2 and 3.8.8 releases were announced specifically to urge users to upgrade their systems because of the security content covered by CVE-2021-3177.

PSF added that the security content is mainly aimed at downstream distributors, who pick it up from source; users should nevertheless upgrade their systems in the meantime. Users must upgrade themselves because release candidates are not visible to the wider community, and the default upgrade process most users rely on does not install them.

Applications that accept floating-point numbers are also affected: the whole demonstration consists of passing a 1e300 argument to c_double.from_param.
</gml_replace>
<gr_replace lines="13" cat="clarify" orig="The vulnerability will">
The vulnerability overflows a buffer on the stack. As a result, attackers can easily crash the application. Red Hat notes that system availability is at risk because of this threat: an attacker can pull off a denial-of-service attack.

The vulnerability will hit the buffer and overflow it on the stack. As a result, hackers can easily crash the application. RedHat notes that the system availability is at risk because of this threat. The attacker will be able to pull off a service attack denial.