CVE-2017-12852
high
CVSS v3
7.5
CVSS v2
5.0
VIR risk
7.5
Description
The numpy.pad function in NumPy 1.13.1 and older versions is missing input validation. Passing an empty list or ndarray causes it to enter an infinite loop, which allows attackers to cause a denial of service (DoS).
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2017-12852.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | | affected | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | numpy | <1.13.3 | 1.13.3 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| numpy | numpy | <= 1.13.1 | |
References
- https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
- https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
- https://nvd.nist.gov/vuln/detail/CVE-2017-12852
- https://github.com/advisories/GHSA-frgw-fgh6-9g52
- https://github.com/numpy/numpy
- https://github.com/numpy/numpy/releases/tag/v1.13.3
- https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2017-1.yaml
- https://www.suse.com/security/cve/CVE-2017-12852.html
CWEs
CWE-835