PYSEC-2020-108
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/scikit-learn/PYSEC-2020-108.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2020-108
- Aliases
- Published
- 2020-11-21T21:15:00Z
- Modified
- 2024-02-01T21:11:35.483458Z
- Summary
- [none]
- Details
-
* DISPUTED * svmpredictvalues in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the nsupport array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
- References
Affected packages
PyPI / scikit-learn
Package
- Name
- scikit-learn
- View open source insights on deps.dev
- Purl
- pkg:pypi/scikit-learn
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.24.dev0
Affected versions
0.*
0.9
0.10
0.11
0.12
0.12.1
0.13
0.13.1
0.14a1
0.14
0.14.1
0.15.0b1
0.15.0b2
0.15.0
0.15.1
0.15.2
0.16b1
0.16.0
0.16.1
0.17b1
0.17
0.17.1
0.18rc2
0.18
0.18.1
0.18.2
0.19b2
0.19.0
0.19.1
0.19.2
0.20rc1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.21rc2
0.21.0
0.21.1
0.21.2
0.21.3
0.22rc2.post1
0.22rc3
0.22
0.22.1
0.22.2
0.22.2.post1
0.23.0rc1
0.23.0
0.23.1
0.23.2