CVE-2021-41496

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in pypi/numpy

Identifiers

CVE-2021-41496

Package Slug

pypi/numpy

Vulnerability

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Description

A buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy allows attackers to conduct denial-of-service attacks by carefully constructing an array with negative values.

Affected Versions

All versions before 1.19.0

Solution

Upgrade to version 1.19.0 or above.

Last Modified

2022-01-04
