CVE-2017-12852

HIGH

numpy < 1.13.1 - Denial of Service via Empty Input to numpy.pad

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-12852. PoCs published by BT123.

AI-analyzed exploit summary: The repository appears to be a snapshot of the NumPy library (version 1.13.1) with benchmarking code, but no exploit PoC for CVE-2017-12852 is present. The files are legitimate development and testing artifacts.

Description

The numpy.pad function in NumPy 1.13.1 and older versions is missing input validation. Passing an empty list or ndarray causes the function to enter an infinite loop, which can allow attackers to cause a denial of service (DoS).

Exploits (1)

nomisec STUB
by BT123 · poc
https://github.com/BT123/numpy-1.13.1

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: NumPy 1.13.1
No auth needed
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.0081
EPSS Percentile 74.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE CWE-835
Status published
Products (2)
numpy/numpy < 1.13.1
pypi/numpy 0 - 1.13.3 (PyPI)
Published Aug 15, 2017
Tracked Since Feb 18, 2026