CVE-2021-41496
Description
Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally)
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.037
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-41495,CVE-2021-41496 are fixed in Python-numpy 1.19 | Windows |
| scientific computing package with Python (USN-5763-1) python3-numpy_1.17.4-5ubuntu3.1_amd64.deb | Linux |
| scientific computing package with Python (USN-5763-1) python3-numpy_1.21.5-1ubuntu22.04.1_amd64.deb | Linux |
| scientific computing package with Python (USN-5763-1) python3-numpy_1.21.5-1ubuntu22.10.1_amd64.deb | Linux |
| Vulnerabilities CVE-2021-41495,CVE-2021-41496 are fixed in Python-numpy for linux 1.19 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234