CVE-2021-33430
Buffer Overflow vulnerability in numpy (PyPI)
What is CVE-2021-33430 About?
A Buffer Overflow vulnerability exists in NumPy 1.9.x (per the CVE text; the advisory range listed under Available Fixes below is broader) when Python code requests an array with more than 32 dimensions, NumPy's compile-time `NPY_MAXDIMS` limit. The flaw sits in the `PyArray_NewFromDescr_int` function in `ctors.c` and can crash the process, causing a Denial of Service. The vendor does not consider this a practical security vulnerability: a user able to trigger it is most likely already privileged enough to cause a DoS by other means (for example by exhausting memory), and the trigger requires uncommon API usage.
Affected Software
Technical Details
The Buffer Overflow vulnerability is present in NumPy version 1.9.x, specifically within the `PyArray_NewFromDescr_int` function in `ctors.c`. It can be triggered when a user attempts to create a NumPy array with an unusually large number of dimensions, more than `NPY_MAXDIMS` (32), from Python code. The function copies the requested dimensions (and strides, when supplied) into fixed-size local buffers sized by `NPY_MAXDIMS`, but the check that the dimension count lies within `[0, NPY_MAXDIMS]` is not applied before that copy on every path; per the vendor's note, the reachable path involves uncommon structured (sub-array) dtypes, whose own dimensions are appended to the requested ones. A request with too many dimensions therefore writes past the end of the buffer, corrupting adjacent stack memory. That corruption leads to a crash and thus a Denial of Service (DoS). The fix linked under Additional Resources adds the missing bounds check so that such a request is rejected with a Python exception instead of overflowing.
What is the Impact of CVE-2021-33430?
Successful exploitation may allow an attacker to crash the Python process that embeds NumPy, causing a Denial of Service and making the affected application unavailable until it is restarted. No information disclosure or code execution has been demonstrated.
What is the Exploitability of CVE-2021-33430?
Exploiting this Buffer Overflow vulnerability is considered complex and requires specific prerequisites. An attacker would need to be able to execute Python code that calls NumPy's array-creation functions directly, so exploitation is local: it requires code execution on the target, or the ability to submit crafted Python code to it. The key condition is creating an array with an exceptionally high number of dimensions (over 32) through an uncommon API path (the vendor cites complicated structured dtypes), which ordinary applications do not expose to unprivileged users. The vendor notes that a user capable of triggering this would likely already have enough privilege to cause a DoS by other means, so the practical risk is low despite the underlying memory-safety bug.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2021-33430?
Available Upgrade Options
- numpy
- >1.9.0, <1.21 → Upgrade to 1.21 or later
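As an added example (not NumPy project code and not from the advisory), the following pure-Python guard does two things a practitioner would want around this CVE: it checks an installed NumPy version against the affected range given in the upgrade table above (assumed to be exactly >1.9.0 and <1.21, as the table states), and it rejects, before the request ever reaches NumPy's C layer, any shape/dtype combination whose combined dimension count exceeds `NPY_MAXDIMS` (32). The combined count includes the sub-array dimensions of a structured dtype, which NumPy appends to the requested shape (`np.dtype((np.int32, (2, 3)))` used with shape `(4,)` yields an array of shape `(4, 2, 3)`). The helper names (`check_array_request`, `guarded_empty`, and so on) are this example's own; only `NPY_MAXDIMS` and `dtype.shape` are NumPy's.

```python
"""Defense-in-depth guard for code that builds NumPy arrays from untrusted
shape/dtype input, plus a coarse check of the installed NumPy version.
Added example; helper names are this example's own, not NumPy API."""
import operator
import re

# NumPy's compile-time limit on array dimensions (NPY_MAXDIMS in ndarraytypes.h).
NPY_MAXDIMS = 32

# Affected range as given in this page's upgrade table (assumption: taken verbatim
# from the table: >1.9.0 and <1.21).
AFFECTED_LOW_EXCL = (1, 9, 0)
FIXED_FROM = (1, 21, 0)


def parse_version(version):
    """Reduce '1.20.3' or '1.21.0rc1' to a numeric (major, minor, patch) tuple.

    Pre-release suffixes are ignored, so this is a coarse check, not full PEP 440.
    """
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError("unrecognised version string: %r" % (version,))
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version):
    """True if the given NumPy version lies inside the page's affected range."""
    return AFFECTED_LOW_EXCL < parse_version(version) < FIXED_FROM


def combined_ndim(shape, dtype_shape=()):
    """Dimensions NumPy ends up with: the requested shape plus the sub-array
    dimensions carried by a structured/sub-array dtype (NumPy appends them)."""
    return len(tuple(shape)) + len(tuple(dtype_shape))


def check_array_request(shape, dtype_shape=()):
    """Validate a shape/dtype combination before it reaches NumPy's C layer.

    Raises ValueError on non-integer or negative dimensions, or when the
    combined count exceeds NPY_MAXDIMS; returns the combined count otherwise.
    """
    shape = tuple(shape)
    dtype_shape = tuple(dtype_shape)
    for d in shape + dtype_shape:
        try:
            d = operator.index(d)  # accepts int and NumPy integer scalars
        except TypeError:
            raise ValueError("dimension must be an integer, got %r" % (d,))
        if d < 0:
            raise ValueError("dimension must be non-negative, got %d" % d)
    nd = combined_ndim(shape, dtype_shape)
    if nd > NPY_MAXDIMS:
        raise ValueError(
            "refusing %d total dimensions (limit %d): shape %r + dtype sub-array %r"
            % (nd, NPY_MAXDIMS, shape, dtype_shape))
    return nd


def is_safe_request(shape, dtype_shape=()):
    """Boolean form of check_array_request for callers that prefer not to catch."""
    try:
        check_array_request(shape, dtype_shape)
    except ValueError:
        return False
    return True


def guarded_empty(shape, dtype="f8"):
    """Allocate an array only after the request passes the guard.

    Needs NumPy at runtime. dtype.shape is () for plain dtypes and the
    sub-array shape for dtypes such as np.dtype((np.int32, (2, 3))).
    """
    import numpy as np  # imported here so the pure-Python checks run without it
    dt = np.dtype(dtype)
    check_array_request(shape, dt.shape)
    return np.empty(shape, dtype=dt)


if __name__ == "__main__":
    try:
        import numpy as np
        print("numpy", np.__version__, "in affected range:", is_affected(np.__version__))
        a = guarded_empty((4,), np.dtype((np.int32, (2, 3))))
        print("allowed, resulting shape:", a.shape)
    except ImportError:
        print("numpy not installed; only the pure-Python checks ran")
    # 31 requested dims + a 2-D sub-array dtype = 33 > NPY_MAXDIMS: rejected.
    print("33-dim request allowed?", is_safe_request((1,) * 31, (2, 3)))
```

The version check is a quick inventory aid, not a substitute for upgrading; the request guard is worth keeping even on fixed versions, because it turns a malformed shape into a clean `ValueError` at the application boundary rather than relying on the C layer's error path.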
Additional Resources
- https://github.com/numpy/numpy
- https://github.com/numpy/numpy/issues/18939
- https://github.com/numpy/numpy/commit/ae317fd9ff3e79c0eac357d723bfc29cbd625f2e
- https://nvd.nist.gov/vuln/detail/CVE-2021-33430
- https://osv.dev/vulnerability/GHSA-6p56-wp2h-9hxr
- https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2021-854.yaml
What are Similar Vulnerabilities to CVE-2021-33430?
Similar Vulnerabilities: CVE-2018-1000085, CVE-2019-12290, CVE-2020-29367, CVE-2021-21303, CVE-2022-29217
