PYSEC-2021-856

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/numpy/PYSEC-2021-856.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-856

Aliases

Published

2021-12-17T20:15:00Z

Modified

2023-11-08T04:06:59.212424Z

Summary

[none]

Details

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.

References

Affected packages

PyPI / numpy

Package

Name: numpy; View open source insights on deps.dev
Purl: pkg:pypi/numpy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.19.1

Affected versions

0.*

0.9.6

0.9.8

1.*

1.0b1

1.0b4

1.0b5

1.0rc1

1.0rc2

1.0rc3

1.0

1.0.3

1.0.4

1.1.1

1.2.0

1.2.1

1.3.0

1.4.0

1.4.1

1.5.0

1.5.1

1.6.0

1.6.1

1.6.2

1.7.0

1.7.1

1.7.2

1.8.0

1.8.1

1.8.2

1.9.0

1.9.1

1.9.2

1.9.3

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.11.0

1.11.1

1.11.2

1.11.3

1.12.0

1.12.1

1.13.0rc1

1.13.0rc2

1.13.0

1.13.1

1.13.3

1.14.0rc1

1.14.0

1.14.1

1.14.2

1.14.3

1.14.4

1.14.5

1.14.6

1.15.0rc1

1.15.0rc2

1.15.0

1.15.1

1.15.2

1.15.3

1.15.4

1.16.0rc1

1.16.0rc2

1.16.0

1.16.1

1.16.2

1.16.3

1.16.4

1.16.5

1.16.6

1.17.0rc1

1.17.0rc2

1.17.0

1.17.1

1.17.2

1.17.3

1.17.4

1.17.5

1.18.0rc1

1.18.0

1.18.1

1.18.2

1.18.3

1.18.4

1.18.5

1.19.0rc1

1.19.0rc2

1.19.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/numpy/PYSEC-2021-856.yaml"