What is the vulnerability ID for this Buffer Overflow vulnerability?

The vulnerability ID for this Buffer Overflow vulnerability is CVE-2021-33430.

What is the affected software for this vulnerability?

The affected software for this vulnerability is NumPy 1.9.x.

What is the severity of CVE-2021-33430?

The severity of CVE-2021-33430 is medium with a CVSS score of 5.3.

Is there a patch or fix available for CVE-2021-33430?

No specific patch or fix has been mentioned for CVE-2021-33430. Please refer to the vendor or project for more information.

Vulnerability/
CVE-2021-33430

medium

5.3

CWE

120 119

17/12/2021

7/1/2022

26/9/2024

CVE-2021-33430: Buffer Overflow

Q: How can a malicious user exploit this vulnerability?

A malicious user can exploit this vulnerability by specifying arrays of large dimensions (over 32) from Python code, which could cause a Denial of Service.

First published: Fri Dec 17 2021(Updated: )

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulnerability; In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
pip/numpy	>=1.9.0<1.21	1.21
NumPy NumPy	>=1.9.0<=1.9.3
	>=1.9.0<=1.9.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this Buffer Overflow vulnerability?
The vulnerability ID for this Buffer Overflow vulnerability is CVE-2021-33430.
What is the affected software for this vulnerability?
The affected software for this vulnerability is NumPy 1.9.x.
What is the severity of CVE-2021-33430?
The severity of CVE-2021-33430 is medium with a CVSS score of 5.3.
How can a malicious user exploit this vulnerability?
A malicious user can exploit this vulnerability by specifying arrays of large dimensions (over 32) from Python code, which could cause a Denial of Service.
Is there a patch or fix available for CVE-2021-33430?
No specific patch or fix has been mentioned for CVE-2021-33430. Please refer to the vendor or project for more information.

agent/type
agent/references
agent/weakness
agent/severity
agent/status
agent/description
collector/github-advisory
source/GitHub
alias/GHSA-6p56-wp2h-9hxr
alias/CVE-2021-33430
agent/software-canonical-lookup
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
agent/tags
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
collector/nvd-api
agent/last-modified-date
collector/github-advisory-latest
package-manager/pip
vendor/numpy
canonical/numpy numpy
version/numpy numpy/1.9.0
version/numpy numpy/1.9.3
status/disputed

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.