CVE-2021-34141
First published: Fri Dec 17 2021(Updated: )
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NumPy NumPy | <1.22.0 | |
| Oracle Communications Cloud Native Core Policy | =22.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-34141.
What is the title of this vulnerability?
The title of this vulnerability is 'An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers …'.
What is the severity of CVE-2021-34141?
The severity of CVE-2021-34141 is medium with a CVSS score of 5.3.
What is the affected software for CVE-2021-34141?
The affected software for CVE-2021-34141 are Numpy Numpy versions before 1.22.0 and Oracle Communications Cloud Native Core Policy version 22.1.3.
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability by constructing specific string objects to trigger slightly incorrect copying.
- agent/references
- agent/type
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/numpy
- canonical/numpy numpy
- vendor/oracle
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/22.1.3