CVE-2020-28975: scikit-learn Denial of Service
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted SVM model (introduced via pickle, JSON, or any other model persistence format) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
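A defensive consistency check for a deserialised SVM model, added here as an example (it is not scikit-learn's or libsvm's own code): it assumes scikit-learn's attribute names `_n_support`, `support_vectors_` and `_dual_coef_`, and the classifier invariant that `_n_support` sums to the number of stored support vectors, so that the oversized `_n_support` value the advisory describes is rejected before the model ever reaches `svm_predict_values`.

```python
"""Sanity-check the private SVM attributes that libsvm trusts blindly
(CVE-2020-28975): an _n_support array that does not match the stored
support vectors makes svm_predict_values read past the end of them."""
from types import SimpleNamespace


def svm_attributes_consistent(n_support, support_vectors, dual_coef):
    """Return (ok, reason). Inputs may be plain lists or numpy arrays.

    Assumed invariants for a scikit-learn classifier model: every
    _n_support entry is a non-negative integer, the entries sum to the
    number of support vectors, and _dual_coef_ has one column per
    support vector."""
    counts = [int(c) for c in n_support]
    if not counts:
        return False, "_n_support is empty"
    if any(c < 0 for c in counts):
        return False, "negative _n_support entry"
    n_sv = len(support_vectors)
    if sum(counts) != n_sv:
        return False, f"_n_support sums to {sum(counts)} but {n_sv} support vectors are stored"
    if any(len(row) != n_sv for row in dual_coef):
        return False, "_dual_coef_ column count does not match the support vectors"
    return True, "ok"


def validate_loaded_svm(model):
    """Check an object carrying scikit-learn style SVM attributes (assumed names)."""
    return svm_attributes_consistent(
        getattr(model, "_n_support"),
        getattr(model, "support_vectors_"),
        getattr(model, "_dual_coef_"),
    )


# Constructed stand-in for a deserialised binary SVC with 3 support vectors.
GOOD_MODEL = SimpleNamespace(
    _n_support=[2, 1],
    support_vectors_=[[0.0, 1.0], [1.0, 0.0], [1.0, 1.0]],
    _dual_coef_=[[0.5, -0.5, 1.0]],
)
# The same model with the oversized _n_support entry the advisory describes.
TAMPERED_MODEL = SimpleNamespace(
    _n_support=[2, 10**9],
    support_vectors_=GOOD_MODEL.support_vectors_,
    _dual_coef_=GOOD_MODEL._dual_coef_,
)

if __name__ == "__main__":
    for name, m in (("good", GOOD_MODEL), ("tampered", TAMPERED_MODEL)):
        print(name, validate_loaded_svm(m))
```

Run the check after loading and before `predict`; it only covers the `_n_support` mismatch and does not change the fact that unpickling data from an untrusted source executes code, so model files still need a trusted origin.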
References
- github.com/advisories/GHSA-jxfp-4rvq-9h9m
- github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp
- github.com/pypa/advisory-database/tree/main/vulns/scikit-learn/PYSEC-2020-108.yaml
- github.com/scikit-learn/scikit-learn
- github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85
- github.com/scikit-learn/scikit-learn/issues/18891
- nvd.nist.gov/vuln/detail/CVE-2020-28975
- security.gentoo.org/glsa/202301-03