CVE-2017-12852

Name: CVE-2017-12852
Description: The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will get stuck in an infinite loop, which can allow attackers to cause a DoS attack.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)
Debian Bugs: 872407

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| python-numpy (PTS) | wheezy | 1:1.6.2-1.2 | vulnerable |
| | jessie | 1:1.8.2-2 | vulnerable |
| | stretch | 1:1.12.1-3 | vulnerable |
| | buster, sid | 1:1.13.1-1 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| python-numpy | source | (unstable) | (unfixed) | medium | | 872407 |

Notes

[stretch] - python-numpy <no-dsa> (Minor issue)
[jessie] - python-numpy <no-dsa> (Minor issue)
[wheezy] - python-numpy <no-dsa> (Minor issue)
https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
