CVE-2021-34141
Description
An incomplete string comparison in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying via crafted string objects, though the vendor considers it harmless.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An incomplete string comparison in the numpy.core component of NumPy before version 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects [1][4]. The issue resides in the string comparison logic, which may produce incorrect results when comparing specially crafted strings.
Exploitation
An attacker can exploit this vulnerability by providing specially constructed string objects to NumPy functions that rely on string comparison. No special privileges or network access are required if the attacker can supply input to a NumPy operation, such as through a script or application that processes untrusted data [1].
Impact
Successful exploitation results in "slightly incorrect copying" of data, which the vendor states is "completely harmless" [1][4]. The impact is limited to potential data corruption in edge cases, with no privilege escalation or remote code execution.
Mitigation
The issue is fixed in NumPy version 1.22.0 [1][4]. Users should upgrade to this version or later. No workarounds are documented, and the vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| numpy (PyPI) | < 1.22 | 1.22 |
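
A check of pinned dependencies against the affected range in the table above, as an added example (not code from the advisory or from NumPy). It assumes pip-style requirement lines; the function names and the sample file are constructed for illustration. Only exact pins are decided, and ranges, unpinned entries and pre-releases are reported as `review` because they may still resolve to an affected release.

```python
import re

FIXED = (1, 22)  # first patched release per the table above
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*"
                 r"(===|==|~=|>=|<=|!=|>|<)?\s*(\S+)?")

def classify(line):
    """Return 'affected', 'patched', 'review', or None if not a numpy requirement."""
    # Drop trailing comments and environment markers before parsing.
    spec = line.split("#", 1)[0].split(";", 1)[0].strip()
    m = REQ.match(spec)
    # Normalise the project name so 'NumPy' matches but 'numpy-financial' does not.
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "numpy":
        return None
    op, version = m.group(2), m.group(3)
    # Decide only exact pins on a plain numeric release (no rc/dev/wildcard).
    if op in ("==", "===") and version and re.fullmatch(r"\d+(\.\d+)*", version):
        release = tuple(int(p) for p in version.split("."))
        return "affected" if release < FIXED else "patched"
    return "review"

def scan(text):
    """Return (line number, line, status) for every numpy requirement in text."""
    found = []
    for number, line in enumerate(text.splitlines(), 1):
        status = classify(line)
        if status is not None:
            found.append((number, line.strip(), status))
    return found

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed sample requirements file
pandas==1.3.5
numpy==1.21.6
NumPy == 1.22.0  # patched
numpy>=1.19
numpy==1.22.0rc1
numpy-financial==1.0.0
"""

if __name__ == "__main__":
    for number, line, status in scan(SAMPLE):
        print(f"line {number}: {status:8} {line}")
```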
Affected products
- NumPy/NumPy
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-fpfv-jqm9-f5jm (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-34141 (ghsa, ADVISORY)
- github.com/numpy/numpy/issues/18993 (ghsa, x_refsource_MISC, WEB)
- github.com/numpy/numpy/issues/18993 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2021-855.yaml (ghsa, WEB)
- www.oracle.com/security-alerts/cpujul2022.html (ghsa, x_refsource_MISC, WEB)