Vulnerability in Python when handling unvalidated floating-point numbers in ctypes

Corrective releases of the Python programming language, 3.7.10 and 3.6.13, are available. They fix a vulnerability (CVE-2021-3177) that could lead to code execution when unvalidated floating-point numbers are processed in handlers that call C functions through the ctypes mechanism. The problem also affects the Python 3.8 and 3.9 branches, but the updates for them are still at the release candidate stage (the release is scheduled for March 1).

The problem is caused by a buffer overflow in the ctypes function PyCArg_repr(), which results from unsafe use of sprintf. Specifically, the output of the conversion 'sprintf(buffer," ", self->tag, self->value.b)' is written to a fixed-size 256-byte buffer ("char buffer[256]"), while the result can be longer than that. To check whether an application is exposed to the vulnerability, you can try passing the value "1e300", which, when processed by the c_double.from_param method, leads to a crash, because the resulting number contains 308 characters and does not fit into the 256-byte buffer. Example of problematic code: import ctypes; x = ctypes.c_double.from_param(1e300); repr(x)
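The length arithmetic described above, together with a bounded replacement for the sprintf pattern, as an added example that is not taken from CPython or from the original article. The function names and the bare "%f" format are assumptions made for illustration; the text that surrounds the number in the real repr output is left out.

```c
#include <stdio.h>
#include <string.h>

#define REPR_BUF 256  /* same size as the "char buffer[256]" quoted above */

/* Number of characters "%f" needs for v, excluding the terminating NUL.
   snprintf with a NULL buffer and size 0 only measures, it writes nothing. */
int f_repr_len(double v)
{
    return snprintf(NULL, 0, "%f", v);
}

/* Bounded replacement for the sprintf pattern (hypothetical helper):
   never writes more than size bytes, always NUL-terminates, and
   reports truncation instead of running past the end of the buffer.
   Returns 0 if the text fit, 1 if it was truncated, -1 on error. */
int f_repr_bounded(char *out, size_t size, double v)
{
    int need = snprintf(out, size, "%f", v);
    if (need < 0)
        return -1;
    return (size_t)need >= size ? 1 : 0;
}

int main(void)
{
    char buf[REPR_BUF];
    double samples[] = { 1.5, 1e100, 1e300 };  /* constructed inputs */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int need = f_repr_len(samples[i]);
        int rc = f_repr_bounded(buf, sizeof buf, samples[i]);
        printf("%g: needs %d chars, %s (stored %zu)\n", samples[i], need,
               rc == 1 ? "truncated" : "fits", strlen(buf));
    }
    return 0;
}
```

A caller that needs the full text can size a heap buffer from f_repr_len(v) + 1 rather than accept truncation.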

The problem remains unfixed in Debian, Ubuntu and FreeBSD, but has already been fixed in Arch Linux, Fedora and SUSE. In RHEL the vulnerability does not manifest itself, because the packages are built in FORTIFY_SOURCE mode, which blocks such buffer overflows in string functions.

Source: opennet.ru
