PT-2021-7918 · Numpy+5 · Numpy+5

Published: 2021-12-17 · Updated: 2025-02-11 · CVE-2021-41495

CVSS v2.0: 6.3 (Medium)

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

NumPy versions prior to 1.19

Description

The issue is a Null Pointer Dereference vulnerability in the numpy.sort component of NumPy, specifically in the PyArray_DescrNew function, caused by missing return-value validation. It allows attackers to conduct DoS attacks by repetitively creating and sorting arrays, potentially leading to memory exhaustion. However, it is noted that a user who can exhaust memory is already privileged, and constructing an attack that targets memory exhaustion at exactly this point is practically impossible.

Recommendations

For NumPy versions prior to 1.19, consider updating to a version that includes the fix for this issue, as the current version may allow for DoS attacks due to the Null Pointer Dereference vulnerability in the numpy.sort component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

AZL-7045
BDU:2023-05412
CVE-2021-41495
ECHO-02E5-0070-F939
GHSA-5545-2Q6W-2GH6
OESA-2022-1522
OPENSUSE-SU-2022:1064-1
OPENSUSE-SU-2022_1064-1
OPENSUSE-SU-2022_1064-2
OPENSUSE-SU-2022_2646-1
OPENSUSE-SU-2024:13220-1
OPENSUSE-SU-2024:14311-1
OPENSUSE-SU-2025_0424-1
PYSEC-2021-856
RHSA-2022:8852
RHSA-2022:8861
SUSE-SU-2022:1064-1
SUSE-SU-2022:1064-2
SUSE-SU-2022:2441-1
SUSE-SU-2022:2645-1
SUSE-SU-2022:2646-1
SUSE-SU-2022:2793-1
SUSE-SU-2022_2645-1
SUSE-SU-2022_2646-1
SUSE-SU-2022_2793-1
SUSE-SU-2025:0424-1
SUSE-SU-2025_0424-1
USN-5763-1

Affected Products

Debian
Linuxmint
Numpy
Red Os
Suse
Ubuntu