529 matches found
SUSE-SU-2022:0118-1 Security update for python-numpy
This update for python-numpy fixes the following issues:
- CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c bsc1193913.
- CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c bsc1193907...
CVE-2021-41496 affecting package numpy 1.16.6-2
CVE-2021-41496 affecting package numpy 1.16.6-2. A patched version of the package is available...
OESA-2022-1485 numpy security update
A fast multidimensional array facility for Python. Security Fixes: Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative values. CVE-2021-41496...
NumPy Buffer Overflow (Disputed)
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions over 32 from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulnerability; In very...
GHSA-6P56-WP2H-9HXR NumPy Buffer Overflow (Disputed)
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions over 32 from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulnerability; In very...
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."
...
Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally)
...
Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing an error can only occur due to an exhaustion of memory. If the user can exhaust memory they are already privileged. Further it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place
...
CVE-2021-34141
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...
CVE-2021-33430
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions over 32 from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulnerability; In very...
CVE-2021-41496
Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be...
CVE-2021-41495
Null Pointer Dereference vulnerability exists in numpy.sort in NumPy and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can on...
NumPy buffer overflow vulnerability
NumPy is a Python scientific computing package. NumPy version 1.9 is vulnerable to a buffer overflow vulnerability caused by the lack of a limit on array length in the PyArray_NewFromDescr_int function in ctors.c, which leads to a buffer overflow vulnerability that can be exploited to cause a denia...
Unspecified Vulnerability in NumPy (CNVD-2021-101680)
NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy 1.9 that stems from incomplete string...
NumPy has an unspecified vulnerability
NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrices, while providing a large library of mathematical functions for data operations. NumPy 1.19 has a security vulnerability that stems from a null pointer dereference vulnerability i...
Denial Of Service (DoS)
numpy is vulnerable to denial of service. An attacker can crash the application by specifying the arrays of large dimensions over 32 through the PyArray_NewFromDescr_int function in the ctors.c...
Incorrect Comparison in NumPy
Incomplete string comparison in the numpy.core component in NumPy 1.9.x, which allows attackers to fail the APIs via constructing specific string objects...
0lever-utils (>=0.0.2 <=0.0.7), 111752 (=1.1.1) +4671 more potentially affected by CVE-2021-34141 via numpy (>=1.10.0 <=1.21.6)
numpy PYPI version =1.10.0, =0.0.2, =1.0.0, =0.1.0, =0.1.2, =0.9.2, =0.0.5, =0.5.0, =1.0.2, =0.5.0, =1.0.2, =0.0.0, =0.0.7 and more Source cves: CVE-2021-34141 Source advisory: OSV:GHSA-FPFV-JQM9-F5JM...