ubuntucve / Ubuntu.com / UB:CVE-2021-33430
History: Dec 17, 2021 - 12:00 a.m.

CVE-2021-33430


CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 3.5 Low
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 29.6%

DISPUTED: A Buffer Overflow vulnerability exists in NumPy 1.9.x in the
PyArray_NewFromDescr_int function of ctors.c when specifying arrays of
large dimensions (over 32) from Python code, which could let a malicious
user cause a Denial of Service. NOTE: The vendor does not agree this is a
vulnerability. In (very limited) circumstances a user may be able to provoke
the buffer overflow, but the user is most likely already privileged to at least
provoke denial of service by exhausting memory. Triggering this further
requires the use of uncommon API (complicated structured dtypes), which is
very unlikely to be available to an unprivileged user.

OS      Version  Architecture  Package  Version                  Filename
ubuntu  20.04    noarch        numpy    < 1:1.17.4-5ubuntu3.1    UNKNOWN
