Msrc Cm1 Numpy 1.16.6-2 On Cbl Mariner 1.0 vulnerabilities

CVE-2021-34141 [MEDIUM] CWE-697 An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor stat An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless." FAQ:

CVE-2021-41496 [MEDIUM] CWE-120 Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19 which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative value Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who ch

CVE-2021-41495 [MEDIUM] CWE-476 Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation which allows attackers to conduct DoS attacks Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that valida