CVE-2017-12852

Published: Aug 15, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

Affected (1)

Products: Numpy: Numpy

Numpy

1 product

Numpy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Numpy Numpy	Up to 1.13.1

Related CWEs

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (4)

https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852

Source: cve@mitre.org

https://github.com/numpy/numpy/issues/9560#issuecomment-322395292

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/numpy/numpy/issues/9560#issuecomment-322395292

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.