Vulnerability in Python when handling unvalidated floating-point numbers in ctypes

Corrective releases of the Python programming language, 3.7.10 and 3.6.13, are available. They fix a vulnerability (CVE-2021-3177) that can lead to code execution when unvalidated floating-point numbers are processed in handlers that call C functions through the ctypes mechanism. The problem also affects the Python 3.8 and 3.9 branches, but the updates for them are still at the release-candidate stage (release scheduled for March 1).

The problem is caused by a buffer overflow in the ctypes function PyCArg_repr(), which results from an unsafe use of sprintf. Specifically, to format the result of the conversion 'sprintf(buffer, <format string>, self->tag, self->value.b)' a static 256-byte buffer was allocated ("char buffer[256]"), while the result can exceed that size. To check whether an application is vulnerable, you can try passing the value "1e300": when it is processed by the c_double.from_param method it leads to a crash, since the resulting number is 308 characters long and does not fit into the 256-byte buffer. Example of problematic code: import ctypes; x = ctypes.c_double.from_param(1e300); repr(x)
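The following C program is an added example written for this article; it is not code from CPython or from the ctypes module. It reproduces the arithmetic behind the overflow (how many characters "%f" needs for 1e300) and shows the bounded replacement for the unsafe sprintf() pattern: snprintf() with the buffer size and a check of its return value, so the caller learns that the output was truncated instead of writing past the end of the buffer. The "<cparam '%c' (%f)>" layout of the repr string is an assumption made for this example, not taken from the article.

```c
#include <stdio.h>
#include <string.h>

/* Size of the static buffer in the vulnerable PyCArg_repr(), per the article. */
#define REPR_BUF 256

/* Number of characters "%f" needs for v, not counting the terminating NUL.
 * snprintf() with a NULL buffer and size 0 only measures; nothing is written. */
int fmt_len_needed(double v) {
    return snprintf(NULL, 0, "%f", v);
}

/* Hardened replacement for the sprintf() pattern: the write is bounded by
 * 'cap', and the result tells the caller whether the text fit.
 * Returns 1 if the full string was written, 0 if it was truncated.
 * The "<cparam '%c' (%f)>" layout is assumed for this example. */
int safe_repr(char *out, size_t cap, char tag, double v) {
    int n = snprintf(out, cap, "<cparam '%c' (%f)>", tag, v);
    if (n < 0) {            /* encoding error: leave an empty string behind */
        out[0] = '\0';
        return 0;
    }
    return (size_t)n < cap; /* n is the length the full output would have */
}

/* 1 when formatting 'v' with the given tag would have overrun a
 * REPR_BUF-byte buffer under the original unbounded sprintf() call. */
int would_overflow(char tag, double v) {
    char buf[REPR_BUF];
    return !safe_repr(buf, sizeof buf, tag, v);
}

int main(void) {
    double samples[] = { 1.5, 1e300 };   /* constructed inputs for the demo */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double v = samples[i];
        printf("%g: \"%%f\" needs %d chars, overflows %d-byte buffer: %s\n",
               v, fmt_len_needed(v), REPR_BUF,
               would_overflow('d', v) ? "yes" : "no");
    }
    return 0;
}
```

Building with -O2 -D_FORTIFY_SOURCE=2 is the mitigation the article attributes to RHEL: glibc then routes sprintf() into a checked variant that aborts the process on overflow instead of corrupting memory, which turns the bug into a crash but does not make the formatting correct; the snprintf() return-value check above is what makes the output safe regardless of compiler flags.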

The problem remains unfixed in Debian, Ubuntu and FreeBSD, but has already been fixed in Arch Linux, Fedora and SUSE. In RHEL the vulnerability is not exploitable because the package is built in FORTIFY_SOURCE mode, which blocks buffer overflows in string functions.

Source: opennet.ru
