CVE-2021-34141

MEDIUM

NumPy <1.22.0 - Info Disclosure

Title source: llm

Description

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."

References (2)

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://github.com/numpy/numpy/issues/18993

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

Scores

CVSS v3 5.3

EPSS 0.0006

EPSS Percentile 19.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-697

Status published

Products (3)

numpy/numpy < 1.22.0

oracle/communications_cloud_native_core_policy 22.1.3

pypi/numpy 0 - 1.22PyPI

Published Dec 17, 2021

Tracked Since Feb 18, 2026