CVE-2021-41496
Summary
| CVE | CVE-2021-41496 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-17 20:15:00 UTC |
| Updated | 2023-11-07 03:38:00 UTC |
| Description | ** DISPUTED ** Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally). |
Risk And Classification
Problem Types: CWE-120
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Potential buffer-overflow from string operations in function array_from_pyobj of fortranobject.c · Issue #19000 · numpy/numpy · GitHub | MISC | github.com | |
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199066 Ubuntu Security Notification for NumPy Vulnerabilities (USN-5763-1)
- 20270 Oracle Database 21c Critical Patch Update - October 2022
- 240172 Red Hat Update for OpenStack Platform 16.2 (RHSA-2022:1000)
- 240178 Red Hat Update for OpenStack Platform 16.1 (RHSA-2022:0987)
- 296062 Oracle Solaris 11.4 Support Repository Update (SRU) 43.113.3 Missing (CPUJAN2022)
- 671399 EulerOS Security Update for numpy (EulerOS-SA-2022-1334)
- 671416 EulerOS Security Update for numpy (EulerOS-SA-2022-1357)
- 671463 EulerOS Security Update for numpy (EulerOS-SA-2022-1432)
- 671464 EulerOS Security Update for numpy (EulerOS-SA-2022-1453)
- 671511 EulerOS Security Update for numpy (EulerOS-SA-2022-1510)
- 671544 EulerOS Security Update for numpy (EulerOS-SA-2022-1491)
- 671716 EulerOS Security Update for numpy (EulerOS-SA-2022-1749)
- 751611 SUSE Enterprise Linux Security Update for python-numpy (SUSE-SU-2022:0118-1)
- 751632 OpenSUSE Security Update for python-numpy (openSUSE-SU-2022:0134-1)
- 751958 OpenSUSE Security Update for python2-numpy (openSUSE-SU-2022:1064-1)
- 752013 SUSE Enterprise Linux Security Update for python-numpy (SUSE-SU-2022:0134-1)
- 752368 SUSE Enterprise Linux Security Update for python2-numpy (SUSE-SU-2022:2441-1)
- 752580 SUSE Enterprise Linux Security Update for python2-numpy (SUSE-SU-2022:1064-2)
- 752679 SUSE Enterprise Linux Security Update for python-numpy (SUSE-SU-2022:0134-3)
- 753409 SUSE Enterprise Linux Security Update for python2-numpy (SUSE-SU-2022:1064-1)
- 900382 Common Base Linux Mariner (CBL-Mariner) Security Update for numpy (7050)
- 901946 Common Base Linux Mariner (CBL-Mariner) Security Update for numpy (7056-1)