What is the severity of CVE-2017-12852?

CVE-2017-12852 has a severity rating that indicates a potential for denial of service due to an infinite loop in the numpy.pad function.

How do I fix CVE-2017-12852?

To fix CVE-2017-12852, upgrade to Numpy version 1.13.2 or later, which includes a patch for the input validation issue.

What vulnerabilities does CVE-2017-12852 exploit?

CVE-2017-12852 exploits the lack of input validation in the numpy.pad function when handling empty lists or ndarrays.

Is CVE-2017-12852 present in the latest versions of Numpy?

No, CVE-2017-12852 is not present in the latest versions of Numpy, as it was addressed in version 1.13.2 and subsequent releases.

Who is affected by CVE-2017-12852?

Users and applications relying on Numpy versions 1.13.1 and older are at risk from CVE-2017-12852.

Vulnerability/
CVE-2017-12852

high

7.5

CWE

835 20

15/8/2017

5/8/2024

CVE-2017-12852: Input Validation

First published: Tue Aug 15 2017(Updated: )

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
NumPy NumPy	<=1.13.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-12852?
CVE-2017-12852 has a severity rating that indicates a potential for denial of service due to an infinite loop in the numpy.pad function.
How do I fix CVE-2017-12852?
To fix CVE-2017-12852, upgrade to Numpy version 1.13.2 or later, which includes a patch for the input validation issue.
What vulnerabilities does CVE-2017-12852 exploit?
CVE-2017-12852 exploits the lack of input validation in the numpy.pad function when handling empty lists or ndarrays.
Is CVE-2017-12852 present in the latest versions of Numpy?
No, CVE-2017-12852 is not present in the latest versions of Numpy, as it was addressed in version 1.13.2 and subsequent releases.
Who is affected by CVE-2017-12852?
Users and applications relying on Numpy versions 1.13.1 and older are at risk from CVE-2017-12852.

agent/references
agent/type
agent/severity
agent/weakness
agent/author
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/first-publish-date
agent/event
agent/source
vendor/numpy
canonical/numpy numpy
version/numpy numpy/1.13.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2017-12852?
CVE-2017-12852 has a severity rating that indicates a potential for denial of service due to an infinite loop in the numpy.pad function.
How do I fix CVE-2017-12852?
To fix CVE-2017-12852, upgrade to Numpy version 1.13.2 or later, which includes a patch for the input validation issue.
What vulnerabilities does CVE-2017-12852 exploit?
CVE-2017-12852 exploits the lack of input validation in the numpy.pad function when handling empty lists or ndarrays.
Is CVE-2017-12852 present in the latest versions of Numpy?
No, CVE-2017-12852 is not present in the latest versions of Numpy, as it was addressed in version 1.13.2 and subsequent releases.
Who is affected by CVE-2017-12852?
Users and applications relying on Numpy versions 1.13.1 and older are at risk from CVE-2017-12852.