CVE-2021-34141

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions NumPy versions prior to 1.22.0 NumPy versions 1.9.x

Description The issue is related to an incomplete string comparison in the numpy.core component, which allows attackers to trigger slightly incorrect copying by constructing specific string objects. The vendor states that this reported code behavior is completely harmless. The vulnerability may allow a remote attacker to initiate data copying using specially crafted objects.

Recommendations For NumPy versions prior to 1.22.0, update to version 1.22.0 or later to resolve the issue. For NumPy versions 1.9.x, update to version 1.22.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the numpy.core component until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-697

Related Identifiers

ALT-PU-2022-1119

BDU:2022-06724

CVE-2021-34141

ECHO-4195-024C-0BCD

GHSA-FPFV-JQM9-F5JM

OESA-2022-1522

PYSEC-2021-855

USN-5763-1

Affected Products

Alt Linux

Debian

Linuxmint

Numpy

Red Os

Ubuntu

CVE-2021-34141

Weakness Enumeration

Related Identifiers

Affected Products

References · 29