PYSEC-2020-108

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/scikit-learn/PYSEC-2020-108.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2020-108
Aliases
Published
2020-11-21T21:15:00Z
Modified
2024-02-01T21:11:35.483458Z
Summary
[none]
Details

* DISPUTED * svmpredictvalues in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the nsupport array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.

References

Affected packages

PyPI / scikit-learn

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.24.dev0

Affected versions

0.*

0.9
0.10
0.11
0.12
0.12.1
0.13
0.13.1
0.14a1
0.14
0.14.1
0.15.0b1
0.15.0b2
0.15.0
0.15.1
0.15.2
0.16b1
0.16.0
0.16.1
0.17b1
0.17
0.17.1
0.18rc2
0.18
0.18.1
0.18.2
0.19b2
0.19.0
0.19.1
0.19.2
0.20rc1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.21rc2
0.21.0
0.21.1
0.21.2
0.21.3
0.22rc2.post1
0.22rc3
0.22
0.22.1
0.22.2
0.22.2.post1
0.23.0rc1
0.23.0
0.23.1
0.23.2