Vulnerability Description
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Numpy | Numpy | <= 1.13.1 |
Related Weaknesses (CWE)
References
- https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
- https://github.com/numpy/numpy/issues/9560#issuecomment-322395292ExploitThird Party Advisory
- https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
- https://github.com/numpy/numpy/issues/9560#issuecomment-322395292ExploitThird Party Advisory
FAQ
What is CVE-2017-12852?
CVE-2017-12852 is a vulnerability with a CVSS score of 7.5 (HIGH). The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
How severe is CVE-2017-12852?
CVE-2017-12852 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12852?
Check the references section above for vendor advisories and patch information. Affected products include: Numpy Numpy.