ubuntucve | Ubuntu.com | UB:CVE-2021-41495
Dec 17, 2021 - 12:00 a.m.

CVE-2021-41495

cve-2021-41495
null pointer dereference
numpy.sort
numpy 1.19

CVSS2: 3.5
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: SINGLE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS3: 5.3
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH
  CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
  Percentile: 31.9%

DISPUTED Null Pointer Dereference vulnerability exists in numpy.sort
in NumPy < and 1.19 in the PyArray_DescrNew function due to missing
return-value validation, which allows attackers to conduct DoS attacks by
repetitively creating sort arrays. NOTE: While correct that validation is
missing, an error can only occur due to an exhaustion of memory. If the
user can exhaust memory, they are already privileged. Further, it should be
practically impossible to construct an attack which can target the memory
exhaustion to occur at exactly this place.

OS      Version  Architecture  Package  Version                      Filename
ubuntu  20.04    noarch        numpy    < 1:1.17.4-5ubuntu3.1        UNKNOWN
ubuntu  22.04    noarch        numpy    < 1:1.21.5-1ubuntu22.04.1    UNKNOWN
ubuntu  22.10    noarch        numpy    < 1:1.21.5-1ubuntu22.10.1    UNKNOWN
