CVE-2017-12852
HIGH 7.5, EPSS 0.81%
Numpy missing input validation
Published: 5/13/2022
Modified: 11/8/2023
Description
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. Passing an empty list or ndarray sends the function into an infinite loop, which attackers can use to cause a denial of service (DoS).
Affected packages (2)
- PyPI/numpy from 0, < 1.13.3
- PyPI/numpy from 0, < 1.13.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (7)
- ADVISORY https://github.com/advisories/GHSA-frgw-fgh6-9g52
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-12852
- PATCH https://github.com/numpy/numpy
- WEB https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
- WEB https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
- WEB https://github.com/numpy/numpy/releases/tag/v1.13.3
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2017-1.yaml