GHSA-frgw-fgh6-9g52
Suggest an improvement- Source
- https://github.com/advisories/GHSA-frgw-fgh6-9g52
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-frgw-fgh6-9g52/GHSA-frgw-fgh6-9g52.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-frgw-fgh6-9g52
- Aliases
-
- CVE-2017-12852
- PYSEC-2017-1
- Published
- 2022-05-13T01:42:46Z
- Modified
- 2023-11-08T03:58:54.336802Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Numpy missing input validation
- Details
-
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-12852
- https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
- https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
- https://github.com/advisories/GHSA-frgw-fgh6-9g52
- https://github.com/numpy/numpy
- https://github.com/numpy/numpy/releases/tag/v1.13.3
- https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2017-1.yaml
Affected packages
PyPI / numpy
Package
- Name
- numpy
- View open source insights on deps.dev
- Purl
- pkg:pypi/numpy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.13.3
Affected versions
0.*
0.9.6
0.9.8
1.*
1.0b1
1.0b4
1.0b5
1.0rc1
1.0rc2
1.0rc3
1.0
1.0.3
1.0.4
1.1.1
1.2.0
1.2.1
1.3.0
1.4.0
1.4.1
1.5.0
1.5.1
1.6.0
1.6.1
1.6.2
1.7.0
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.9.0
1.9.1
1.9.2
1.9.3
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.11.0
1.11.1
1.11.2
1.11.3
1.12.0
1.12.1
1.13.0
1.13.1