CVE-2021-41496

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-41496

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41496.json

Aliases

GHSA-f7c7-j99h-c22f
PYSEC-2021-857

Related

USN-5763-1

Withdrawn

2022-02-07T18:10:33Z

Published

2021-12-17T20:15:08Z

Modified

2023-11-29T09:04:30.346696Z

Details

Buffer overflow in the arrayfrompyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally)

References

https://github.com/numpy/numpy/issues/19000
https://www.oracle.com/security-alerts/cpujul2022.html

Affected packages

Git / github.com/numpy/numpy

Affected ranges

Type: GIT
Repo: https://github.com/numpy/numpy
Events: Introduced

0The exact introduced commit is unknown

Fixed

92ebe1e9a6aeb47a881a1226b08218175776f9ea

Affected versions

Other

pre-removal-numpybook

with_maskna

v0.*

v0.2.2

v0.3.0

v1.*

v1.19.0rc1

v1.19.0rc2