NumPy Buffer Error Vulnerability
Classic buffer overflow
[The vulnerability is disputed] NumPy is a Python scientific computing package. It supports large multidimensional arrays and matrix calculations, and provides a large library of mathematical functions for operating on data. NumPy 1.9 contains a buffer error vulnerability. The PyArray_NewFromDescr_int function of ctors.c places no restriction on the array length, which leads to a buffer overflow. When an array with a large number of dimensions (more than 32) is specified from Python code, malicious users may be able to cause a denial of service.
NumPy security vulnerability
Inadequate comparison
Incomplete string comparisons in the numpy.core component before NumPy 1.22.0 allow attackers to trigger slightly incorrect copying by constructing specific string objects. Note: The vendor states that the reported code behavior is completely harmless.
NumPy Code Problem Vulnerability
Null pointer dereference
[The vulnerability is disputed] NumPy is a Python scientific computing package. It supports large multidimensional arrays and matrix calculations, and provides a large library of mathematical functions for operating on data. NumPy 1.19 contains a code problem vulnerability: a null pointer dereference. The PyArray_DescrNew function does not verify a return value, which causes the null pointer dereference and allows attackers to conduct DoS attacks by repeatedly creating sorting arrays.
NumPy security vulnerability
Classic buffer overflow
[The vulnerability is disputed] In NumPy < 1.19, a buffer overflow in the array_from_pyobj function of fortranobject.c allows attackers to conduct denial of service attacks by carefully constructing arrays with negative values. Note: The vendor does not agree that this is a vulnerability; negative dimensions can only be created by users (or internally) who already have privileges.
Tornado Input Validation Error Vulnerability
Cross-site redirection
Tornado is a Python web framework and asynchronous networking library of the Tornado community in China. By using non-blocking network I/O, the library can scale to thousands of open connections, making it well suited to long polling, WebSocket and other applications that need a long-lived connection to each user. Tornado 6.3.1 and earlier versions contain an open redirect vulnerability. When visiting a specially crafted URL, users of a website that runs the affected product may be redirected to any website.