GHSA-5545-2q6w-2gh6

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-5545-2q6w-2gh6/GHSA-5545-2q6w-2gh6.json
Aliases
  • CVE-2021-41495
Published
2022-02-08T00:00:56Z
Modified
2022-06-21T20:31:05.067434Z
Details

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.

References

Affected packages

PyPI / numpy

numpy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
1.19

Affected versions

0.*

0.9.6
0.9.8

1.*

1.0
1.0.3
1.0.4
1.0b1
1.0b4
1.0b5
1.0rc1
1.0rc2
1.0rc3
1.1.1
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.11.0
1.11.1
1.11.2
1.11.3
1.12.0
1.12.1
1.13.0
1.13.0rc1
1.13.0rc2
1.13.1
1.13.3
1.14.0
1.14.0rc1
1.14.1
1.14.2
1.14.3
1.14.4
1.14.5
1.14.6
1.15.0
1.15.0rc1
1.15.0rc2
1.15.1
1.15.2
1.15.3
1.15.4
1.16.0
1.16.0rc1
1.16.0rc2
1.16.1
1.16.2
1.16.3
1.16.4
1.16.5
1.16.6
1.17.0
1.17.0rc1
1.17.0rc2
1.17.1
1.17.2
1.17.3
1.17.4
1.17.5
1.18.0
1.18.0rc1
1.18.1
1.18.2
1.18.3
1.18.4
1.18.5
1.19.0rc1
1.19.0rc2
1.2.0
1.2.1
1.3.0
1.4.0
1.4.1
1.5.0
1.5.1
1.6.0
1.6.1
1.6.2
1.7.0
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.9.0
1.9.1
1.9.2
1.9.3

Database specific

{
    "last_known_affected_version_range": "<= 1.18.5"
}