CVE-2021-41495
Description
A missing return-value validation in numpy.sort's PyArray_DescrNew function can cause a null pointer dereference, enabling denial-of-service under memory exhaustion.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing return-value validation in numpy.sort's PyArray_DescrNew function can cause a null pointer dereference, enabling denial-of-service under memory exhaustion.
Vulnerability
A null pointer dereference vulnerability exists in NumPy versions before 1.19 in the PyArray_DescrNew function within numpy.sort [1][4]. The function can return NULL under memory exhaustion (e.g., at [point 1], [point 2], [point 3] in the source), yet many call sites—such as PyArray_DescrNewByteorder—fail to validate the return value before dereferencing it, leading to a crash [1][4].
Exploitation
An attacker must be able to exhaust system memory, which generally requires elevated privileges or control over resource allocation [1]. If memory exhaustion is achieved precisely when PyArray_DescrNew is called during sorting operations, the missing null check causes an immediate null pointer dereference [1][4]. The official description notes that it is "practically impossible" to construct an attack that targets this exact memory exhaustion point, and the attacker would already be privileged if they can exhaust memory [1].
Impact
Successful exploitation results in a denial-of-service (DoS) via application crash [1]. The impact is limited to availability; no data confidentiality or integrity compromise is expected [1]. The affected component is numpy.sort, and the null pointer dereference occurs within the CPython process running NumPy [1][4].
Mitigation
Users should upgrade to NumPy version 1.19 or later, where the missing return-value validation is addressed [1]. No official workaround has been published for earlier versions. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of December 2021 [1]. If an upgrade is not immediately possible, limiting memory allocation for untrusted inputs may reduce the attack surface, though practical exploitation is considered extremely unlikely [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
numpyPyPI | < 1.19 | 1.19 |
Affected products
46- NumPy/NumPydescription
- ghsa-coords45 versionspkg:pypi/numpypkg:rpm/opensuse/python2-numpy&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/python3-numpy&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-numpy_1_16_5-gnu-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/python-numpy_1_16_5-gnu-hpc&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python-numpy_1_17_3-gnu-hpc&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python-numpy_1_17_3-gnu-hpc&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-numpy1&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-numpy&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python-numpy&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python2-numpy&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/python2-numpy&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3pkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/python2-numpy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/python2-numpy&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/python2-numpy&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/python2-numpy&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/python3-numpy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/python-numpy_1_13_3-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012pkg:rpm/suse/python-numpy_1_16_5-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/python-numpy_1_16_5-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/python-numpy_1_16_5-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/python-numpy_1_16_5-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/python-numpy_1_16_5-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/python-numpy_1_16_5-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/python-numpy_1_16_5-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3pkg:rpm/suse/python-numpy_1_17_3-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP4pkg:rpm/suse/python-numpy_1_17_3-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP6pkg:rpm/suse/python-numpy_1_17_3-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 1.19+ 44 more
- (no CPE)range: < 1.19
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.17.3-150400.31.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.17.3-150400.23.3.1
- (no CPE)range: < 1.17.3-150400.31.1
- (no CPE)range: < 1.26.4-1.1
- (no CPE)range: < 1.17.3-150400.23.3.1
- (no CPE)range: < 1.25.2-2.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.17.3-150400.31.1
- (no CPE)range: < 1.13.3-4.15.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150000.1.9.1
- (no CPE)range: < 1.16.5-150200.3.5.1
- (no CPE)range: < 1.17.3-150400.23.3.1
- (no CPE)range: < 1.17.3-150400.31.1
- (no CPE)range: < 1.17.3-150400.31.1
- (no CPE)range: < 1.17.3-150400.23.3.1
- (no CPE)range: < 1.8.0-5.14.1
- (no CPE)range: < 1.8.0-5.14.1
- (no CPE)range: < 1.8.0-5.14.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-5545-2q6w-2gh6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-41495ghsaADVISORY
- github.com/numpy/numpy/issues/19038ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2021-856.yamlghsaWEB
- www.oracle.com/security-alerts/cpujul2022.htmlghsaWEB
News mentions
0No linked articles in our index yet.