rpm package
opensuse/python-numpy1&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-numpy1&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41496 | — | < 1.26.4-1.1 | 1.26.4-1.1 | Dec 17, 2021 | Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimens | ||
| CVE-2021-41495 | — | < 1.26.4-1.1 | 1.26.4-1.1 | Dec 17, 2021 | Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is mi | ||
| CVE-2021-33430 | — | < 1.26.4-1.1 | 1.26.4-1.1 | Dec 17, 2021 | A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a v | ||
| CVE-2019-6446 | — | < 1.26.4-1.1 | 1.26.4-1.1 | Jan 16, 2019 | An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavio | ||
| CVE-2017-12852 | Hig | 7.5 | < 1.26.4-1.1 | 1.26.4-1.1 | Aug 15, 2017 | The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack. |
- CVE-2021-41496Dec 17, 2021affected < 1.26.4-1.1fixed 1.26.4-1.1
Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimens
- CVE-2021-41495Dec 17, 2021affected < 1.26.4-1.1fixed 1.26.4-1.1
Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is mi
- CVE-2021-33430Dec 17, 2021affected < 1.26.4-1.1fixed 1.26.4-1.1
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a v
- CVE-2019-6446Jan 16, 2019affected < 1.26.4-1.1fixed 1.26.4-1.1
An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavio
- affected < 1.26.4-1.1fixed 1.26.4-1.1
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.