CVE-2017-12852

HIGH

Numpy < 1.13.1 - Infinite Loop

Title source: rule

Description

The numpy.pad function in NumPy 1.13.1 and older versions is missing input validation. Passing an empty list or ndarray causes the function to enter an infinite loop, which can allow attackers to cause a denial of service (DoS).

Exploits (1)

nomisec STUB
by BT123 · poc
https://github.com/BT123/numpy-1.13.1

Scores

CVSS v3 7.5
EPSS 0.0081
EPSS Percentile 74.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-835
Status published
Products (2)
numpy/numpy < 1.13.1
pypi/numpy 0 - 1.13.3 (PyPI)
Published Aug 15, 2017
Tracked Since Feb 18, 2026