VDB

CISA-2020-28975

CISA-2020-28975 PUBLISHED

Reported by mitre · Published November 21, 2020

svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.

Affected Products

VendorProductVersions
n/an/an/a
n/an/a*, n/a

Timeline

  • Nov 21, 2020 CVE Published
  • Aug 4, 2024 CVE Updated
  • Apr 26, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›