Vulnerability Description
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Numpy | Numpy | < 1.22.0 |
| Oracle | Communications Cloud Native Core Policy | 22.1.3 |
Related Weaknesses (CWE)
References
- https://github.com/numpy/numpy/issues/18993ExploitIssue TrackingPatch
- https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
- https://github.com/numpy/numpy/issues/18993ExploitIssue TrackingPatch
- https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
FAQ
What is CVE-2021-34141?
CVE-2021-34141 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor stat...
How severe is CVE-2021-34141?
CVE-2021-34141 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34141?
Check the references section above for vendor advisories and patch information. Affected products include: Numpy Numpy, Oracle Communications Cloud Native Core Policy.