CVE-2021-41496 - Vulnerability Details - OpenCVE

Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally)

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00054.

Key SSVC decision points have not yet been added.

Vendors	Products
Numpy	Numpy
Redhat	Openstack

Configuration 1 [-]

cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenStack Platform 16.1
numpy-1:1.17.0-8.el8ost	cpe:/a:redhat:openstack:16.1::el8	RHSA-2022:0987	2022-03-24T00:00:00Z
Red Hat OpenStack Platform 16.2
numpy-1:1.17.0-8.el8ost	cpe:/a:redhat:openstack:16.2::el8	RHSA-2022:1000	2022-03-23T00:00:00Z

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-f7c7-j99h-c22f	Buffer Copy without Checking Size of Input in NumPy
Ubuntu USN	USN-5763-1	NumPy vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/numpy/numpy/issues/19000
https://nvd.nist.gov/vuln/detail/CVE-2021-41496
https://www.cve.org/CVERecord?id=CVE-2021-41496
https://www.oracle.com/security-alerts/cpujul2022.html

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00031}`	epss `{'score': 0.00042}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-17T19:56:35

Updated: 2024-08-04T03:15:28.678Z

Reserved: 2021-09-20T00:00:00

Link: CVE-2021-41496

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-12-17T20:15:08.517

Modified: 2024-11-21T06:26:19.130

Link: CVE-2021-41496

Redhat

Severity : Moderate

Publid Date: 2021-05-13T00:00:00Z

Links: CVE-2021-41496 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally)"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-07T18:10:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/numpy/numpy/issues/19000"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41496", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/numpy/numpy/issues/19000", "refsource": "MISC", "url": "https://github.com/numpy/numpy/issues/19000"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:15:28.678Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/numpy/numpy/issues/19000"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["x_transferred"]}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41496", "datePublished": "2021-12-17T19:56:35", "dateReserved": "2021-09-20T00:00:00", "dateUpdated": "2024-08-04T03:15:28.678Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*", "matchCriteriaId": "341472C4-4DBC-4F3D-B672-5F1C58D5A2C3", "versionEndExcluding": "1.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally)"}, {"lang": "es", "value": "** EN DISPUTA ** Un desbordamiento de b\u00fafer en la funci\u00f3n array_from_pyobj del archivo fortranobject.c en NumPy versiones anteriores a 1.19, que permite a atacantes realizar un ataque de denegaci\u00f3n de servicio al construir cuidadosamente un array con valores negativos. NOTA: El proveedor no est\u00e1 de acuerdo en que esto sea una vulnerabilidad; las dimensiones negativas s\u00f3lo pueden ser creadas por un usuario ya privilegiado (o internamente)"}], "id": "CVE-2021-41496", "lastModified": "2024-11-21T06:26:19.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-17T20:15:08.517", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/numpy/numpy/issues/19000"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/numpy/numpy/issues/19000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0987", "cpe": "cpe:/a:redhat:openstack:16.1::el8", "package": "numpy-1:1.17.0-8.el8ost", "product_name": "Red Hat OpenStack Platform 16.1", "release_date": "2022-03-24T00:00:00Z"}, {"advisory": "RHSA-2022:1000", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "numpy-1:1.17.0-8.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2022-03-23T00:00:00Z"}], "bugzilla": {"description": "numpy: buffer overflow in the array_from_pyobj() in fortranobject.c", "id": "2035040", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035040"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally)"], "name": "CVE-2021-41496", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "numpy", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "numpy", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "inkscape:flatpak/numpy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "numpy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python27:2.7/numpy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python38:3.8/numpy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python39:3.9/numpy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "numpy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "numpy", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "python27-numpy", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python38-numpy", "product_name": "Red Hat Software Collections"}], "public_date": "2021-05-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-41496\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41496"], "threat_severity": "Moderate"}