Buffer Copy without Checking Size of Input in NumPy

GHSA-f7c7-j99h-c22f · CVE-2021-41496 · PYSEC-2021-857

Published Feb 8, 2022 · Modified Nov 8, 2023

Description

Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-41496
WEB https://github.com/numpy/numpy/issues/19000
PACKAGE https://github.com/numpy/numpy
WEB https://www.oracle.com/security-alerts/cpujul2022.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes