Synced 18 Jun 2026 05:58 UTC Account
← All products

CVE-2017-12852

HIGH severity · CVSS 7.5 · CWE-835
7.5CVSS HIGH

Summary

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactNone
Integrity impactNone
Availability impactHigh
Exploit probability (EPSS)3%

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products we track (1)

NumPy

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information