CVE-2021-34141

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-34141

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-34141.json

Aliases

GHSA-fpfv-jqm9-f5jm
PYSEC-2021-855

Related

USN-5763-1

Published

2021-12-17T19:15:07Z

Modified

2023-11-29T08:56:06.185646Z

Details

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."

References

https://github.com/numpy/numpy/issues/18993
https://www.oracle.com/security-alerts/cpujul2022.html

Affected packages

Git / github.com/numpy/numpy

Affected ranges

Type: GIT
Repo: https://github.com/numpy/numpy
Events: Introduced

0The exact introduced commit is unknown

Fixed

4adc87dff15a247e417d50f10cc4def8e1c17a03

Affected versions

Other

pre-removal-numpybook

with_maskna

v0.*

v0.2.2

v0.3.0

v1.*

v1.21.0.dev0

v1.22.0.dev0

v1.22.0rc1

v1.22.0rc2

v1.22.0rc3