VDB
CISA-2020-28975
CISA-2020-28975
PUBLISHED
Reported by mitre · Published November 21, 2020
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Timeline
- Nov 21, 2020 CVE Published
- Aug 4, 2024 CVE Updated
- Apr 26, 2026 Security Advisory
References
- 20201130 scikit-learn 0.23.2 Local Denial of Service mailing-list
- GLSA-202301-03 vendor-advisory