CVE-2021-41495: 
Python vulnerability analysis and mitigation

A Null Pointer Dereference vulnerability exists in numpy.sort in NumPy versions prior to 1.19 in the PyArray_DescrNew function due to missing return-value validation. This vulnerability was discovered in 2021 and has been assigned identifier CVE-2021-41495. The vulnerability affects the NumPy library, which is a fundamental package for scientific computing with Python (NVD).

The vulnerability stems from missing return-value validation in the PyArray_DescrNew function within numpy.sort. When NULL is returned from memory allocation functions, the code fails to properly validate these return values, which could lead to null pointer dereference issues. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) with vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

While the vulnerability could theoretically allow attackers to conduct denial of service (DoS) attacks by repetitively creating sort arrays, the actual impact is disputed. The vulnerability can only manifest when memory is exhausted, and if a user can exhaust memory, they likely already have privileged access. Furthermore, it would be practically impossible to construct an attack that targets memory exhaustion to occur at exactly this specific location (NVD).

The vulnerability has been addressed in subsequent versions of NumPy. Organizations using affected versions should upgrade to a patched version. Red Hat has released security updates for affected packages, including numpy-1.17.0-11.el8ost for various platforms (Red Hat Advisory).