CVE-2021-41495 - OpenCVE

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Numpy	Numpy
Redhat	Openstack

Configuration 1 [-]

cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenStack Platform 16.1
numpy-1:1.17.0-11.el8ost	cpe:/a:redhat:openstack:16.1::el8	RHSA-2022:8861	2022-12-07T00:00:00Z
Red Hat OpenStack Platform 16.2
numpy-1:1.17.0-11.el8ost	cpe:/a:redhat:openstack:16.2::el8	RHSA-2022:8852	2022-12-07T00:00:00Z

References

Link	Providers
https://github.com/numpy/numpy/issues/19038
https://nvd.nist.gov/vuln/detail/CVE-2021-41495
https://www.cve.org/CVERecord?id=CVE-2021-41495
https://www.oracle.com/security-alerts/cpujul2022.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-17T19:25:19

Updated: 2024-08-04T03:15:28.284Z

Reserved: 2021-09-20T00:00:00

Link: CVE-2021-41495

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-12-17T20:15:08.477

Modified: 2024-08-04T04:15:39.510

Link: CVE-2021-41495

Redhat

Severity : Moderate

Publid Date: 2021-05-19T00:00:00Z

Links: CVE-2021-41495 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-07T19:08:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/numpy/numpy/issues/19038"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41495", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/numpy/numpy/issues/19038", "refsource": "MISC", "url": "https://github.com/numpy/numpy/issues/19038"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:15:28.284Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/numpy/numpy/issues/19038"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["x_transferred"]}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41495", "datePublished": "2021-12-17T19:25:19", "dateReserved": "2021-09-20T00:00:00", "dateUpdated": "2024-08-04T03:15:28.284Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*", "matchCriteriaId": "45CF1897-BE04-465C-96D5-CB5D76DF2F88", "versionEndIncluding": "1.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place"}, {"lang": "es", "value": "** EN DISPUTA ** Se presenta una vulnerabilidad de Desreferencia de Puntero Null en el archivo numpy.sort en NumPy versi\u00f3n 1.19, en la funci\u00f3n PyArray_DescrNew debido a una falta de comprobaci\u00f3n del valor de retorno, lo que permite a atacantes llevar a cabo ataques de denegaci\u00f3n de servicio mediante la creaci\u00f3n y ordenaci\u00f3n repetitiva de arrays. NOTA: Si bien es correcto que falta la validaci\u00f3n, s\u00f3lo puede producirse un error debido a un agotamiento de la memoria. Si el usuario puede agotar la memoria, ya es privilegiado. Adem\u00e1s, deber\u00eda ser pr\u00e1cticamente imposible construir un ataque que pueda dirigirse al agotamiento de la memoria para que ocurra exactamente en este lugar"}], "id": "CVE-2021-41495", "lastModified": "2024-08-04T04:15:39.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-17T20:15:08.477", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/numpy/numpy/issues/19038"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:8861", "cpe": "cpe:/a:redhat:openstack:16.1::el8", "package": "numpy-1:1.17.0-11.el8ost", "product_name": "Red Hat OpenStack Platform 16.1", "release_date": "2022-12-07T00:00:00Z"}, {"advisory": "RHSA-2022:8852", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "numpy-1:1.17.0-11.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2022-12-07T00:00:00Z"}], "bugzilla": {"description": "numpy: NULL pointer dereference in numpy.sort in in the PyArray_DescrNew() due to missing return-value validation", "id": "2035037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035037"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place"], "name": "CVE-2021-41495", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "numpy", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "numpy", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "inkscape:flatpak/numpy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "numpy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python27:2.7/numpy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python38:3.8/numpy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python39:3.9/numpy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "numpy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "numpy", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "python27-numpy", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python38-numpy", "product_name": "Red Hat Software Collections"}], "public_date": "2021-05-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-41495\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41495"], "threat_severity": "Moderate"}