#VU95807 Buffer overflow in Scikit-learn - CVE-2020-28975
Published: August 13, 2024
Vulnerability identifier: #VU95807
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-28975
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Scikit-learn
Scikit-learn
Software vendor:
scikit-learn.org
scikit-learn.org
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing SVM models within the svm_predict_values in svm.cpp. A remote attacker can pass a specially crafted model to the application, trigger memory corruption and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://github.com/scikit-learn/scikit-learn/issues/18891
- https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501
- http://seclists.org/fulldisclosure/2020/Nov/44
- http://packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html
- https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85
- https://security.gentoo.org/glsa/202301-03