CVE-2017-12852

Опубликовано: 15 авг. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

Ссылки

https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
Exploit
Third Party Advisory
https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*

Версия до 1.13.1 (включая)

EPSS

Процентиль: 74%

0.00808

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835

Связанные уязвимости

CVE-2017-12852

CVSS3: 7.5

ubuntu

больше 8 лет назад

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

CVE-2017-12852

CVSS3: 4

redhat

больше 8 лет назад

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

CVE-2017-12852

CVSS3: 7.5

debian

больше 8 лет назад

The numpy.pad function in Numpy 1.13.1 and older versions is missing i ...

SUSE-SU-2022:3954-1

suse-cvrf

около 3 лет назад

Security update for python-numpy

SUSE-RU-2017:3010-1

suse-cvrf

около 8 лет назад

Initial release of python-numpy for HPC (v1.13.3, gcc)

EPSS

Процентиль: 74%

0.00808

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835