Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 832736 (CVE-2021-41495) - <dev-python/numpy-1.22.2: null pointer dereference
Summary: <dev-python/numpy-1.22.2: null pointer dereference
Status: CONFIRMED
Alias: CVE-2021-41495
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/numpy/numpy/issues...
Whiteboard:
Keywords:
Depends on: 832750
Blocks:
  Show dependency tree
 
Reported: 2022-02-05 04:08 UTC by John Helmert III
Modified: 2022-02-05 09:01 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2022-02-05 04:08:50 UTC
https://github.com/advisories/GHSA-5545-2q6w-2gh6

"Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays."

Already bumped, so please stabilize when ready.