numpy is vulnerable to Out-of-bounds Write
56
Medium Risk
NumPy's timedelta-to-string cast resolver in time_to_string_resolve_descriptors computes a fixed output string length and ignores the width of an explicitly requested fixed-width string dtype for timedelta64 inputs. When a timedelta64 array is cast to an S or U string dtype narrower than the value's textual representation, the conversion loop writes the full string past the end of the output array's heap buffer. This out-of-bounds write corrupts adjacent heap memory and can crash the process. The fix clamps the loop's output element size to the requested output dtype size.
You are affected if you are using a version that falls within the vulnerable range and your application casts timedelta64 arrays to a fixed-width string dtype narrower than the value's string representation.
numpy is vulnerable to Out-of-bounds Write in versions 1.21.0 - 2.4.4.
Upgrade the numpy library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant