CVE-2021-41496
Description
Buffer overflow in NumPy <1.19 in array_from_pyobj via crafted array with negative dimensions can cause denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A buffer overflow vulnerability exists in the array_from_pyobj function of fortranobject.c in NumPy versions prior to 1.19 [1]. The issue occurs when constructing an error message string: the code uses strcpy, sprintf, and strcat without bounds checking on the stack-allocated buffer mess (200 bytes). An attacker-provided array with negative dimensions can cause the formatted string to exceed the buffer size, leading to a buffer overflow [3]. The affected code path is triggered when the array has intent(cache|hide) or optional attributes and contains negative dimensions [3].
Exploitation
An attacker needs the ability to craft a NumPy array with negative dimension values that is then passed to an internal routine calling array_from_pyobj. According to the vendor, this requires the attacker to already be a privileged user or the action must be performed internally [1]. No specific user interaction beyond array construction is required; the overflow occurs during the error-handling path when negative dimensions are detected [3].
Impact
Successful exploitation can cause a denial of service due to a buffer overflow, potentially crashing the Python interpreter or corrupting memory [1]. The impact is limited to denial of service; the vendor does not regard the issue as a typical vulnerability because the necessary preconditions imply the attacker already has significant access [1].
Mitigation
The issue was resolved in NumPy version 1.19 by implementing proper bounds checking and replacing unsafe string functions (e.g., strcpy replaced with strncpy) [3]. Users should upgrade to NumPy 1.19 or later to mitigate the vulnerability. No workaround is provided for earlier versions.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
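The overflow mechanics described under Vulnerability and the bounded-write fix described under Mitigation, as an added C example that is not NumPy's code: the message text, the `append_piece` helper, the 32-dimension sample input and the `main` are this example's own constructions; only the 200-byte buffer size comes from the description. `unbounded_message_length` computes what a strcpy/sprintf/strcat chain would write without writing it, and `format_dims_message_safe` shows the bounded pattern that truncates instead of overflowing.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Same fixed size as the `mess` buffer in the description; the message text
 * below is constructed for this example and is not NumPy's actual string. */
#define MESS_SIZE 200
#define HEADER "array must have non-negative dimensions but got ("

/* Length (without NUL) the unbounded strcpy/sprintf/strcat chain would write
 * for these dims, computed without writing: >= MESS_SIZE means overflow. */
size_t unbounded_message_length(const long *dims, int ndims) {
    size_t n = strlen(HEADER);
    for (int i = 0; i < ndims; i++)
        n += (size_t)snprintf(NULL, 0, "%ld,", dims[i]);
    return n + 1; /* closing ')' */
}

/* Append one piece, tracking the space left. Returns the new used length, or
 * `size` once truncation has occurred so that later appends become no-ops. */
static size_t append_piece(char *buf, size_t size, size_t used, const char *piece) {
    if (used >= size) return size;
    int n = snprintf(buf + used, size - used, "%s", piece);
    if (n < 0 || (size_t)n >= size - used) return size; /* truncated */
    return used + (size_t)n;
}

/* Bounded replacement: each write is limited to what remains of mess[size],
 * so a long dimension list is truncated. Returns 1 if it all fit, else 0. */
int format_dims_message_safe(char *mess, size_t size, const long *dims, int ndims) {
    char num[32]; /* "%ld," is at most 21 chars on LP64 */
    size_t used = append_piece(mess, size, 0, HEADER);
    for (int i = 0; i < ndims; i++) {
        snprintf(num, sizeof num, "%ld,", dims[i]);
        used = append_piece(mess, size, used, num);
    }
    used = append_piece(mess, size, used, ")");
    return used < size;
}

int main(void) {
    /* Constructed input: 32 dims (NPY_MAXDIMS of that era), all LONG_MIN. */
    long dims[32]; char mess[MESS_SIZE];
    for (int i = 0; i < 32; i++) dims[i] = LONG_MIN;
    printf("unbounded chain would write %zu bytes into a %d-byte buffer\n",
           unbounded_message_length(dims, 32) + 1, MESS_SIZE);
    printf("bounded formatter fit=%d: %s\n",
           format_dims_message_safe(mess, sizeof mess, dims, 32), mess);
    return 0;
}
```

Replacing only strcpy with strncpy bounds the first copy; the sprintf/strcat appends that follow need their own remaining-space limit, which is what the running `used` count provides.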
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| numpy (PyPI) | < 1.19 | 1.19 |
Affected products
70 entries. NumPy/NumPy: < 1.19, plus 68 more downstream distribution package entries.
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-f7c7-j99h-c22f (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-41496 (ghsa, ADVISORY)
- github.com/numpy/numpy/issues/19000 (ghsa, x_refsource_MISC, WEB)
- www.oracle.com/security-alerts/cpujul2022.html (ghsa, WEB)
News mentions
No linked articles in our index yet.