Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2021-33430

Published: 17 December 2021

** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user.

Priority

Medium

Cvss 3 Severity Score

5.3

Score breakdown

Status

Package Release Status
numpy
Launchpad, Ubuntu, Debian
jammy Not vulnerable
(1:1.21.5-1build2)
kinetic Not vulnerable
(1:1.21.5-1build2)
focal
Released (1:1.17.4-5ubuntu3.1)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
trusty Ignored
(end of standard support)
upstream
Released (1:1.21.4-2)
xenial Ignored
(end of standard support)

Severity score breakdown

Parameter Value
Base score 5.3
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H