FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-numpy -- Missing return-value validation of the function PyArray_DescrNew

Affected packages
py310-numpy < 1.22.4
py38-numpy < 1.22.4
py39-numpy < 1.22.4

Details

VuXML ID b51cfaea-e919-11ec-9fba-080027240888
Discovery 2021-05-19
Entry 2022-06-11

Numpy reports:

At most call-sites for PyArray_DescrNew, there are no validations of its return, but an invalid address may be returned.

References

CVE Name CVE-2021-41495
URL https://github.com/numpy/numpy/pull/20960