PYSEC-2021-854

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/numpy/PYSEC-2021-854.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-854

Aliases

CVE-2021-33430
GHSA-6p56-wp2h-9hxr

Published

2021-12-17T19:15:00Z

Modified

2023-11-08T04:06:04.438690Z

Summary

[none]

Details

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArrayNewFromDescrint function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service.

References

https://github.com/numpy/numpy/issues/18939
https://github.com/advisories/GHSA-6p56-wp2h-9hxr

Affected packages

PyPI / numpy

Package

Name: numpy; View open source insights on deps.dev
Purl: pkg:pypi/numpy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.9.0

Fixed

1.10.0

Affected versions

1.*

1.9.0

1.9.1

1.9.2

1.9.3