CVE-2023-25399

Published: 06 Jul 2023
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.

A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a memory leak flaw in the Py_FindObjects() function due to a new reference not being decreased. This flaw allows a local attacker to send a specially crafted request, forcing the application to leak memory and perform a denial of service attack.

Report

This CVE is disputed as per upstream - https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | scipy | Out of support scope | | |
| Red Hat Enterprise Linux 7 | scipy | Out of support scope | | |
| Red Hat Enterprise Linux 8 | python27:2.7/scipy | Will not fix | | |
| Red Hat Enterprise Linux 8 | python3.11-scipy | Not affected | | |
| Red Hat Enterprise Linux 8 | python36:3.6/scipy | Will not fix | | |
| Red Hat Enterprise Linux 8 | python39:3.9/scipy | Will not fix | | |
| Red Hat Enterprise Linux 9 | python3.11-scipy | Will not fix | | |
| Red Hat Enterprise Linux 9 | scipy | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | google-benchmark | Not affected | | |
| Red Hat OpenShift Container Platform 4 | python-sortedcontainers | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-401
https://bugzilla.redhat.com/show_bug.cgi?id=2220864 scipy: refcounting issue leads to potential memory leak

EPSS

Percentile: 37%
0.0016
Low

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 2 years ago

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.

CVSS3: 5.5
nvd
about 2 years ago

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.

CVSS3: 5.5
debian
about 2 years ago

A refcounting issue which leads to potential memory leak was discovere ...

CVSS3: 5.5
github
about 2 years ago

Withdrawn: scipy memory leak vulnerability

CVSS3: 5.5
fstec
about 2 years ago

A vulnerability in the Py_FindObjects() function of scipy, an open-source library for the Python programming language, that allows an attacker to cause a denial of service
