SCA: security update for numpy (GHSA-6p56-wp2h-9hxr)

medium Tenable Self-Hosted Container Security Plugin ID 411548

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c
when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user
cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In (very limited)
circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged
to at least provoke denial of service by exhausting memory. Triggering this further requires the use of
uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged
user (CVE-2021-33430)

See Also

https://github.com/advisories/GHSA-6p56-wp2h-9hxr

Plugin Details

Severity: Medium

ID: 411548

Version: Revision 1.4

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2021-33430

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6

Threat Score: 5.4

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/7/2022

Vulnerability Publication Date: 12/17/2021

Reference Information

CVE: CVE-2021-33430

cwe: CWE-120