HIGH 7.5 PyPI
Numpy missing input validation
GHSA-frgw-fgh6-9g52 · CVE-2017-12852 · PYSEC-2017-1
Description
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. Passing it an empty list or ndarray causes it to get stuck in an infinite loop, which allows attackers to cause a denial of service (DoS).
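One way to check whether a project pins a NumPy release in the affected range, and to validate input before calling numpy.pad where upgrading is not yet possible. This is an added example, not code from NumPy or from this advisory: `audit_requirements`, `guarded_pad` and the sample requirements text are hypothetical, and caller-side validation is an assumed mitigation.

```python
import re

# Last affected release per the advisory text ("1.13.1 and older").
LAST_AFFECTED = (1, 13, 1)

# Exact pins only, e.g. "numpy==1.13.1"; range specifiers are not evaluated.
PIN_RE = re.compile(r"^\s*numpy\s*(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_release(version):
    """Turn '1.9' into (1, 9, 0) so releases compare numerically, not as text."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    return parse_release(version) <= LAST_AFFECTED


def audit_requirements(text):
    """Return (line_number, version) for each affected numpy pin in the text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = PIN_RE.match(line.split("#", 1)[0])  # ignore trailing comments
        if match and is_affected(match.group(1)):
            findings.append((number, match.group(1)))
    return findings


def guarded_pad(array, pad_width, mode, **kwargs):
    """Caller-side validation for code that cannot upgrade yet (assumed mitigation)."""
    import numpy as np  # imported here so the audit above works without numpy
    arr = np.asarray(array)
    if arr.size == 0:
        raise ValueError("refusing to pad an empty array")
    return np.pad(arr, pad_width, mode, **kwargs)


# Constructed sample input, not taken from any real project.
SAMPLE = """\
requests==2.31.0
numpy==1.9.3        # older than 1.13.1 although "1.9.3" > "1.13.1" as text
numpy-quaternion==2022.4.3
NumPy == 1.13.1
numpy==1.13.3
"""

if __name__ == "__main__":
    for number, version in audit_requirements(SAMPLE):
        print(f"line {number}: numpy {version} is in the range affected by CVE-2017-12852")
```
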
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-12852
- WEB https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
- WEB https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
- ADVISORY https://github.com/advisories/GHSA-frgw-fgh6-9g52
- PACKAGE https://github.com/numpy/numpy
- WEB https://github.com/numpy/numpy/releases/tag/v1.13.3
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2017-1.yaml