CVE-2021-41500

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions cvxopt version 1.2.6 and earlier

Description The issue is related to an incomplete string comparison vulnerability in certain APIs, specifically cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, and cvxopt.cholmod.spsolve. This vulnerability allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects.

Recommendations For versions 1.2.6 and earlier, consider disabling the use of the vulnerable APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, and cvxopt.cholmod.spsolve) until a patch is available. Restrict access to these APIs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-697

Related Identifiers

ALT-PU-2021-3522

ALT-PU-2024-12095

ALT-PU-2024-8938

CVE-2021-41500

GHSA-8RH6-H94M-VJ54

PYSEC-2021-870

Affected Products

Alt Linux

Debian

Cvxopt

CVE-2021-41500

Weakness Enumeration

Related Identifiers

Affected Products

References · 17