Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1052 vulnerabilities reference this CWE, most recent first.

GHSA-FH2M-M4M5-49WC

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:36
VLAI
Details

The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8054"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-22T22:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.",
  "id": "GHSA-fh2m-m4m5-49wc",
  "modified": "2025-04-20T03:36:29Z",
  "published": "2022-05-13T01:47:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8054"
    },
    {
      "type": "WEB",
      "url": "http://qwertwwwe.github.io/2017/04/22/PoDoFo-0-9-5-allows-remote-attackers-to-cause-a-denial-of-service-infinit-loop"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FH8C-2997-R5XH

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6594"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-26T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances.",
  "id": "GHSA-fh8c-2997-r5xh",
  "modified": "2022-05-13T01:22:43Z",
  "published": "2022-05-13T01:22:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6594"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K91026261"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FJCC-47Q7-FX2G

Vulnerability from github – Published: 2022-08-05 00:00 – Updated: 2022-08-11 00:00
VLAI
Details

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34862"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-04T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-fjcc-47q7-fx2g",
  "modified": "2022-08-11T00:00:31Z",
  "published": "2022-08-05T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34862"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K66510514"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FM2X-6XHH-XRHV

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43
VLAI
Details

In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13193"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-12T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319.",
  "id": "GHSA-fm2x-6xhh-xrhv",
  "modified": "2022-05-13T01:43:06Z",
  "published": "2022-05-13T01:43:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13193"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-01-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102414"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040106"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FM82-QVR8-64WW

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12995"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-14T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().",
  "id": "GHSA-fm82-qvr8-64ww",
  "modified": "2022-05-13T01:42:52Z",
  "published": "2022-05-13T01:42:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12995"
    },
    {
      "type": "WEB",
      "url": "https://github.com/the-tcpdump-group/tcpdump/commit/3a76fd7c95fced2c2f8c8148a9055c3a542eff29"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHEA-2018:0705"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201709-23"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208221"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3971"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039307"
    },
    {
      "type": "WEB",
      "url": "http://www.tcpdump.org/tcpdump-changes.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FMM9-3GV8-58F4

Vulnerability from github – Published: 2021-09-07 23:08 – Updated: 2021-09-08 14:47
VLAI
Summary
Improper Handling of Missing Values in kaml
Details

Impact

Attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service.

This only affects applications that use polymorphic serialization with the default tagged polymorphism style. Applications using the property polymorphism style are not affected.

YAML input for a polymorphic type that provided a tag but no value for the object would trigger the issue, for example:

!<x>

The following is a sample application that demonstrates this issue:

import com.charleskorn.kaml.Yaml
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable

@Serializable
private sealed class K {
    @Serializable
    @SerialName("x")
    data class X(
        val property: String? = null,
    ) : K()
}

const val s = """
!<x>
"""

fun main() {
    println("Started.")
    val result = Yaml.default.decodeFromString(K.serializer(), s)
    println("Finished, result is $result")
}

On vulnerable versions of kaml, the decodeFromString() operation hangs and never returns.

Patches

Version 0.35.3 or later contain the fix for this issue.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 0.35.2"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.charleskorn.kaml:kaml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.35.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-39194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-230",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-07T18:02:13Z",
    "nvd_published_at": "2021-09-07T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nAttackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service. \n\nThis only affects applications that use polymorphic serialization with the default tagged polymorphism style. Applications using the property polymorphism style are not affected.\n\nYAML input for a polymorphic type that provided a tag but no value for the object would trigger the issue, for example:\n\n```yaml\n!\u003cx\u003e\n```\n\nThe following is a sample application that demonstrates this issue:\n\n```kotlin\nimport com.charleskorn.kaml.Yaml\nimport kotlinx.serialization.SerialName\nimport kotlinx.serialization.Serializable\n\n@Serializable\nprivate sealed class K {\n    @Serializable\n    @SerialName(\"x\")\n    data class X(\n        val property: String? = null,\n    ) : K()\n}\n\nconst val s = \"\"\"\n!\u003cx\u003e\n\"\"\"\n\nfun main() {\n    println(\"Started.\")\n    val result = Yaml.default.decodeFromString(K.serializer(), s)\n    println(\"Finished, result is $result\")\n}\n```\n\nOn vulnerable versions of kaml, the `decodeFromString()` operation hangs and never returns. \n\n\n### Patches\nVersion 0.35.3 or later contain the fix for this issue.",
  "id": "GHSA-fmm9-3gv8-58f4",
  "modified": "2021-09-08T14:47:32Z",
  "published": "2021-09-07T23:08:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/charleskorn/kaml/security/advisories/GHSA-fmm9-3gv8-58f4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39194"
    },
    {
      "type": "WEB",
      "url": "https://github.com/charleskorn/kaml/issues/179"
    },
    {
      "type": "WEB",
      "url": "https://github.com/charleskorn/kaml/commit/e18785d043fc6324c81e968aae9764b4b060bc6a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/charleskorn/kaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Handling of Missing Values in kaml"
}

GHSA-FMR6-8GGW-WC56

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2022-05-24 16:56
VLAI
Details

In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-16319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-15T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.",
  "id": "GHSA-fmr6-8ggw-wc56",
  "modified": "2022-05-24T16:56:12Z",
  "published": "2022-05-24T16:56:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16319"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16020"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=02ddd49885c6a09e936a76aceb726ed06539704a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2019-21.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FQ97-HV4F-CRM6

Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-04-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/fpu: Stop relying on userspace for info to fault in xsave buffer

Before this change, the expected size of the user space buffer was taken from fx_sw->xstate_size. fx_sw->xstate_size can be changed from user-space, so it is possible construct a sigreturn frame where:

  • fx_sw->xstate_size is smaller than the size required by valid bits in fx_sw->xfeatures.
  • user-space unmaps parts of the sigrame fpu buffer so that not all of the buffer required by xrstor is accessible.

In this case, xrstor tries to restore and accesses the unmapped area which results in a fault. But fault_in_readable succeeds because buf + fx_sw->xstate_size is within the still mapped area, so it goes back and tries xrstor again. It will spin in this loop forever.

Instead, fault in the maximum size which can be touched by XRSTOR (taken from fpstate->user_size).

[ dhansen: tweak subject / changelog ]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26603"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-26T16:28:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Stop relying on userspace for info to fault in xsave buffer\n\nBefore this change, the expected size of the user space buffer was\ntaken from fx_sw-\u003exstate_size. fx_sw-\u003exstate_size can be changed\nfrom user-space, so it is possible construct a sigreturn frame where:\n\n * fx_sw-\u003exstate_size is smaller than the size required by valid bits in\n   fx_sw-\u003exfeatures.\n * user-space unmaps parts of the sigrame fpu buffer so that not all of\n   the buffer required by xrstor is accessible.\n\nIn this case, xrstor tries to restore and accesses the unmapped area\nwhich results in a fault. But fault_in_readable succeeds because buf +\nfx_sw-\u003exstate_size is within the still mapped area, so it goes back and\ntries xrstor again. It will spin in this loop forever.\n\nInstead, fault in the maximum size which can be touched by XRSTOR (taken\nfrom fpstate-\u003euser_size).\n\n[ dhansen: tweak subject / changelog ]",
  "id": "GHSA-fq97-hv4f-crm6",
  "modified": "2024-04-17T18:31:31Z",
  "published": "2024-02-26T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26603"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/627339cccdc9166792ecf96bc3c9f711a60ce996"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/627e28cbb65564e55008315d9e02fbb90478beda"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8bd3eee7720c14b59a206bd05b98d7586bccf99a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2479ab426cef7ab79a13005650eff956223ced2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d877550eaf2dc9090d782864c96939397a3c6835"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OX4EWCYDZRTOEMC2C6OF7ZACAP23SUB5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FQGW-6QJ5-8HMP

Vulnerability from github – Published: 2022-01-08 00:40 – Updated: 2022-01-07 18:33
VLAI
Summary
Infinite Loop in Apache James
Details

In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.james:james-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-40111"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-07T18:33:44Z",
    "nvd_published_at": "2022-01-04T09:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade.",
  "id": "GHSA-fqgw-6qj5-8hmp",
  "modified": "2022-01-07T18:33:44Z",
  "published": "2022-01-08T00:40:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40111"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2022/01/04/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/01/04/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Infinite Loop in Apache James"
}

GHSA-FRGW-FGH6-9G52

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-06-17 21:05
VLAI
Summary
Numpy missing input validation
Details

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "numpy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-12852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-17T21:05:33Z",
    "nvd_published_at": "2017-08-15T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.",
  "id": "GHSA-frgw-fgh6-9g52",
  "modified": "2022-06-17T21:05:33Z",
  "published": "2022-05-13T01:42:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12852"
    },
    {
      "type": "WEB",
      "url": "https://github.com/numpy/numpy/issues/9560#issuecomment-322395292"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-frgw-fgh6-9g52"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/numpy/numpy"
    },
    {
      "type": "WEB",
      "url": "https://github.com/numpy/numpy/releases/tag/v1.13.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2017-1.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Numpy missing input validation"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.