CVE-2021-41496: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

December 17, 2021 (updated November 7, 2023)

Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values.

References

github.com/numpy/numpy/issues/19000
nvd.nist.gov/vuln/detail/CVE-2021-41496

Detect and mitigate CVE-2021-41496 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →