CVE-2017-12852 – numpy

Package

Manager: pip
Name: numpy
Vulnerable Version: >=0 <1.13.3

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00526 pctl0.66096

Details

Numpy missing input validation The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

Metadata

Created: 2022-05-13T01:42:46Z
Modified: 2022-06-17T21:05:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-frgw-fgh6-9g52/GHSA-frgw-fgh6-9g52.json
CWE IDs: ["CWE-835"]
Alternative ID: GHSA-frgw-fgh6-9g52
Finding: F138
Auto approve: 1