PT-2021-8282 · Numpy+5

Published: 2021-12-17 · Updated: 2025-01-28 · CVE-2021-41496

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: NumPy versions prior to 1.19
Description: A buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy can be exploited to conduct Denial of Service attacks by carefully constructing an array with negative dimension values. Note that the vendor does not agree this is a vulnerability, as the negative dimensions can only be created by an already privileged user or internally.
Recommendations: For NumPy versions prior to 1.19, consider disabling the array_from_pyobj function as a temporary workaround until a patch is available. Restrict access to the fortranobject.c module to minimize the risk of exploitation. Avoid using negative values in array dimensions to prevent potential Denial of Service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit · DoS · Buffer Overflow

Weakness Enumeration

Related Identifiers

AZL-7056
BDU:2025-01011
CVE-2021-41496
ECHO-70FC-D0BB-2F7D
GHSA-F7C7-J99H-C22F
MGASA-2022-0032
OESA-2022-1485
OPENSUSE-SU-2022:0134-1
OPENSUSE-SU-2022:1064-1
OPENSUSE-SU-2022_0134-1
OPENSUSE-SU-2022_1064-1
OPENSUSE-SU-2022_1064-2
OPENSUSE-SU-2024:13220-1
OPENSUSE-SU-2024:14311-1
PYSEC-2021-857
RHSA-2022:0987
RHSA-2022:1000
SUSE-SU-2022:0118-1
SUSE-SU-2022:0134-1
SUSE-SU-2022:0134-2
SUSE-SU-2022:0134-3
SUSE-SU-2022:0206-1
SUSE-SU-2022:1064-1
SUSE-SU-2022:1064-2
SUSE-SU-2022:2441-1
USN-5763-1

Affected Products

Debian
Linuxmint
Numpy
Red Os
Suse
Ubuntu