CVE-2023-37365: Double Free

June 30, 2023 (updated July 7, 2023)

Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.

References

github.com/advisories/GHSA-xwc8-rf6m-xr86
github.com/nmslib/hnswlib/issues/467
nvd.nist.gov/vuln/detail/CVE-2023-37365

Detect and mitigate CVE-2023-37365 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →