CVE-2021-41496: Buffer Overflow
First published: Fri Dec 17 2021(Updated: )
** DISPUTED ** Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally).
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NumPy NumPy | <1.19.0 | |
| <1.19.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this buffer overflow issue?
The vulnerability ID for this buffer overflow issue is CVE-2021-41496.
What software is affected by this vulnerability?
The NumPy version prior to 1.19 is affected by this vulnerability.
What is the severity level of this vulnerability?
The severity level of this vulnerability is medium with a CVSS score of 5.5.
What can an attacker do with this vulnerability?
An attacker could conduct a Denial of Service (DoS) attack by carefully constructing an array with negative values.
Has this vulnerability been disputed by the vendor?
Yes, this vulnerability has been disputed by the vendor.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/status
- agent/author
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- status/disputed
- vendor/numpy
- canonical/numpy numpy