CVE-2017-12852

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-12852

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12852.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-12852

Aliases

GHSA-frgw-fgh6-9g52
PYSEC-2017-1

Related

SUSE-RU-2017:3010-1
SUSE-SU-2022:3954-1
UBUNTU-CVE-2017-12852
openSUSE-SU-2024:11243-1
openSUSE-SU-2024:13820-1
openSUSE-SU-2024:14311-1

Published

2017-08-15T16:29:00Z

Modified

2025-02-19T00:58:42Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

References

https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852

Affected packages

Git / github.com/numpy/numpy

Affected ranges

Type: GIT
Repo: https://github.com/numpy/numpy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1462df1c20eae44d28e6b665b5d194788f57efc5