#VU61603 Buffer overflow in Numpy - CVE-2021-33430

Cybersecurity Help s.r.o.

Published: 2022-03-24

Vulnerability identifier: #VU61603

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-33430

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Numpy
Web applications / Modules and components for CMS

Vendor: Numpy

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the PyArray_NewFromDescr_int() function of ctors.c. A remote attacker can pass specially crafted data to the library and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Numpy: 1.9.0 b1 - 1.20.3

External links
https://github.com/numpy/numpy/issues/18939

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell PowerStore Family

Ubuntu update for numpy

SUSE update for python-numpy

SUSE update for python2-numpy

Buffer overflow in IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

SUSE update for python2-numpy

Red Hat OpenStack Platform 16.2 update for numpy

Red Hat OpenStack Platform 16.1 update for numpy

SUSE update for python-numpy