BDU:2022-06724

Уязвимость функции _convert_from_str() компонента numpy.core модуля NumPy для Python, позволяющая нарушителю инициировать копирование данных

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

CVE-2021-34141

Published: 2021-12-17
Modified: 2024-11-21

CVE-2021-34141

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

https://github.com/numpy/numpy/issues/18993
https://github.com/numpy/numpy/issues/18993
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpujul2022.html

Version: 2.1.0

Package python3-module-numpy update in sisyphus_riscv64 on 2022-02-09

ALT-PU-2022-3959-1

Closed vulnerabilities

BDU:2022-06724

CVE-2021-34141