CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-41500
https://notcve.org/view.php?id=CVE-2021-41500
Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects. Se presenta una vulnerabilidad de comparación incompleta de cadenas en cvxopt.org cvxop versiones anteriores a 1.2.6 incluyéndola, en las APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), que permite a atacantes conducir ataques de denegación de servicio mediante la construcción de objetos Capsule falsos • https://github.com/cvxopt/cvxopt/issues/193 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXTPM3DGVYTYQ54OFCMXZVWVOMR7JM2D • CWE-697: Incorrect Comparison •