CVE-2017-12852
PUBLISHED
The numpy.pad function in NumPy 1.13.1 and older versions is missing input validation. Passing an empty list or ndarray causes it to get stuck in an infinite loop, which can allow attackers to cause a denial of service (DoS).
Risk Scores
- EPSS Score: 0.81% (74.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | python-numpy | 1:1.13.3-2ubuntu1, 0, 1:1.12.1-3.1ubuntu4 |
| Ubuntu:16.04:LTS | python-numpy | 1:1.8.2-1ubuntu2, 1:1.8.2-1ubuntu3, 1:1.11.0-1ubuntu1 |
Exploit Intelligence
- test the CVE-2017-12852 in numpy v1.13.1 and v1.13.3 has fixed the bug (github-poc-repo)
- https://github.com/numpy/numpy/issues/9560#issuecomment-322395292 (nist-nvd)
- test the CVE-2017-12852 in numpy v1.13.1 and v1.13.3 has fixed the bug (github-poc)
…and 6 more exploits
Timeline
- Aug 15, 2017 CVE Published
- Oct 3, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-12852 third-party-advisory
- https://github.com/numpy/numpy/issues/9560#issuecomment-322395292 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-12852 third-party-advisory