[BEAM-14025] CVE-2021-41496 vulnerability in numpy library - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: P2
Resolution: Fixed
Affects Version/s: 2.36.0
Fix Version/s: 2.38.0
Component/s: dependencies, sdk-py-core
Labels:
- security

Language:
- Python

Description

https://cve.report/CVE-2021-41496

Potential buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally).

Fix: As a fix, the current numpy library version needs to be upgraded to 1.22.x

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Mohinuddin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Mar/22 12:45

Updated:: 05/Mar/22 00:40

Resolved:: 05/Mar/22 00:40