CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile: 31.9%
DISPUTED Null Pointer Dereference vulnerability exists in numpy.sort
in NumPy < and 1.19 in the PyArray_DescrNew function due to missing
return-value validation, which allows attackers to conduct DoS attacks by
repetitively creating sort arrays. NOTE: While correct that validation is
missing, an error can only occur due to an exhaustion of memory. If the
user can exhaust memory, they are already privileged. Further, it should be
practically impossible to construct an attack which can target the memory
exhaustion to occur at exactly this place.
github.com/numpy/numpy/issues/19038
github.com/numpy/numpy/pull/20960
github.com/numpy/numpy/pull/20984 (backport)
launchpad.net/bugs/cve/CVE-2021-41495
nvd.nist.gov/vuln/detail/CVE-2021-41495
security-tracker.debian.org/tracker/CVE-2021-41495
ubuntu.com/security/notices/USN-5763-1
www.cve.org/CVERecord?id=CVE-2021-41495