CVE-2021-41496

unknown

Published 2022-02-08 · Modified 2023-11-08

CVSS v3

—

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2

—

VIR risk

—

Description

Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-41496

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2021-41496.html

OS impact

OS	Version	Status
sles		affected
debian	bookworm	affected
debian	bullseye	affected
debian	forky	affected
debian	sid	affected
debian	trixie	affected

Package impact

Ecosystem	Package	Vulnerable	Fixed
PyPI	numpy	`<1.19`	`1.19`
PyPI	numpy	`<1.19.0`	`1.19.0`

References

https://nvd.nist.gov/vuln/detail/CVE-2021-41496
https://github.com/numpy/numpy/issues/19000
https://github.com/numpy/numpy
https://www.oracle.com/security-alerts/cpujul2022.html
https://github.com/advisories/GHSA-f7c7-j99h-c22f
https://www.suse.com/security/cve/CVE-2021-41496.html
https://security-tracker.debian.org/tracker/CVE-2021-41496

Verify integrity in audit chain (admin only). AS-IS.