Skip to main content

Incorrect Comparison

CVE-2021-34141

Severity Medium
Score 5.3/10

Summary

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0rc1 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • LOW

CWE-697 - Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Advisory Timeline

  • Published