Bt123

Name of the Vulnerable Software and Affected Versions: Python versions through 3.6.4 Description: The issue concerns the `Wave read. read fmt chunk` function in `Lib/wave.py`, which does not ensure a nonzero channel value. This allows attackers to cause a denial of service via a crafted wav format audio file, resulting in a divide-by-zero error and exception. The vendor disputes this issue, stating that Python applications need to be prepared to handle a wide variety of exceptions. Recommendations: For Python versions through 3.6.4, consider adding exception handling to manage potential divide-by-zero errors when processing wav format audio files. As a temporary workaround, consider implementing checks to ensure nonzero channel values before performing operations that could lead to division by zero. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Numpy versions 1.13.1 and earlier **Description** The issue is related to missing input validation in the numpy.pad function. This can cause an infinite loop when an empty list or ndarray is used, potentially allowing attackers to conduct a Denial of Service (DoS) attack. **Recommendations** For versions 1.13.1 and earlier, consider adding input validation to the numpy.pad function to prevent empty lists or ndarrays from causing an infinite loop. As a temporary workaround, restrict the use of the numpy.pad function with unvalidated input until a fix is available.