Bug 2220864 (CVE-2023-25399)

Summary: CVE-2023-25399 scipy: refcounting issue leads to potential memory leak
Product: [Other] Security Response
Reporter: Rohit Keshri <rkeshri>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: dfreiber, hhorak, jburrell, jkoehler, jorton, kaycoth, kshier, mmuzila, nforro, python-maint, rbobbitt, rogbas, stcannon, vkumar
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Text:
A flaw was found in SciPy: a memory leak in the Py_FindObjects() function, caused by a new reference not being decreased, makes it vulnerable to a denial of service. This flaw allows a local attacker to send a specially crafted request that forces the application to leak memory, resulting in a denial of service.
Bug Depends On: 2221026, 2221027, 2221023, 2221024, 2221025, 2221028, 2221029, 2221030, 2221031, 2221064, 2221065, 2221066, 2221067, 2221068, 2221069, 2221070    
Bug Blocks: 2220862    

Description Rohit Keshri 2023-07-06 10:22:46 UTC
** DISPUTED ** A refcounting issue which leads to a potential memory leak was discovered in scipy commit 8627df31ab in the Py_FindObjects() function.

https://github.com/scipy/scipy/issues/16235
https://github.com/scipy/scipy/pull/16397
http://www.square16.org/achievement/cve-2023-25399/
https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328

Comment 2 Rohit Keshri 2023-07-07 05:03:53 UTC
Created cura tracking bugs for this issue:

Affects: fedora-37 [bug 2221029]


Created espresso tracking bugs for this issue:

Affects: epel-8 [bug 2221027]


Created google-benchmark tracking bugs for this issue:

Affects: epel-7 [bug 2221025]
Affects: epel-8 [bug 2221028]
Affects: fedora-37 [bug 2221030]
Affects: fedora-38 [bug 2221031]


Created python3-scipy tracking bugs for this issue:

Affects: epel-7 [bug 2221026]


Created scipy tracking bugs for this issue:

Affects: fedora-37 [bug 2221023]
Affects: fedora-38 [bug 2221024]

Comment 5 Petr Viktorin (pviktori) 2023-07-10 06:20:36 UTC
This doesn't look like a security issue, see https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328