CVE-2021-41500
HIGH
cvxopt <= 1.2.6 - Denial of Service via Fake Capsule Object in cholmod APIs
Title source: llmDescription
An incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in the APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, and cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects.
References (2)
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/cvxopt/cvxopt/issues/193
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXTPM3DGVYTYQ54OFCMXZVWVOMR7JM2D/
Scores
CVSS v3
7.5
EPSS
0.0118
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-697
Status
published
Products (3)
cvxopt_project/cvxopt
< 1.2.6
fedoraproject/fedora
34
pypi/cvxopt
0 - 1.2.7 (PyPI)
Published
Dec 17, 2021
Tracked Since
Feb 18, 2026