CVE-2021-41500

Incorrect Comparison in pypi/cvxopt

Identifiers

GHSA-8rh6-h94m-vj54, CVE-2021-41500

Package Slug

pypi/cvxopt

Vulnerability

Incorrect Comparison

Description

An incomplete string comparison vulnerability exists in cvxopt (cvxopt.org) in the APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, and cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects.

Affected Versions

All versions before 1.2.7

Solution

Upgrade to version 1.2.7 or above.

Last Modified

2022-01-10
