svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2020/Nov/44 | Mailing List Third Party Advisory |
https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501 | Exploit Third Party Advisory |
https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85 | Patch Third Party Advisory |
https://github.com/scikit-learn/scikit-learn/issues/18891 | Exploit Issue Tracking Third Party Advisory |
https://security.gentoo.org/glsa/202301-03 | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:21
Type | Values Removed | Values Added |
---|---|---|
Summary | svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute. |
17 Jan 2023, 18:24
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2020/Nov/44 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85 - Patch, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202301-03 - Third Party Advisory | |
References | (MISC) https://github.com/scikit-learn/scikit-learn/issues/18891 - Exploit, Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:scikit-learn:scikit-learn:*:*:*:*:*:*:*:* |
11 Jan 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Nov 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-11-21 21:15
Updated : 2024-04-11 01:08
NVD link : CVE-2020-28975
Mitre link : CVE-2020-28975
CVE.ORG link : CVE-2020-28975
JSON object : View
Products Affected
scikit-learn
- scikit-learn
CWE