Bug 2221034 (CVE-2023-29824)

Summary: CVE-2023-29824 scipy: use-after-free in Py_FindObjects() function
Product: [Other] Security Response Reporter: Rohit Keshri <rkeshri>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: cstratak, dfreiber, hhorak, jburrell, jkoehler, jorton, kaycoth, kshier, nforro, python-maint, rbobbitt, rogbas, stcannon, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a use-after-free bug in the Py_FindObjects() function. By sending a specially crafted request, an attacker can cause a denial of service condition.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2221053, 2221051, 2221052, 2221054, 2221055, 2221056, 2221057, 2221058, 2221059, 2221074, 2221075, 2221076, 2221077, 2221078, 2221079, 2221080    
Bug Blocks: 2220862    

Description Rohit Keshri 2023-07-07 05:20:00 UTC 
** DISPUTED ** A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0.

https://github.com/scipy/scipy/issues/14713
http://www.square16.org/achievement/cve-2023-29824/
https://github.com/scipy/scipy/pull/15013
https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565
Comment 1 TEJ RATHI 2023-07-07 06:51:29 UTC 
Created cura tracking bugs for this issue:

Affects: fedora-37 [bug 2221055]


Created espresso tracking bugs for this issue:

Affects: epel-8 [bug 2221053]


Created google-benchmark tracking bugs for this issue:

Affects: epel-7 [bug 2221051]
Affects: epel-8 [bug 2221054]
Affects: fedora-37 [bug 2221056]
Affects: fedora-38 [bug 2221058]


Created python3-scipy tracking bugs for this issue:

Affects: epel-7 [bug 2221052]


Created scipy tracking bugs for this issue:

Affects: fedora-37 [bug 2221057]
Affects: fedora-38 [bug 2221059]
Comment 6 Charalampos Stratakis 2023-07-11 16:31:42 UTC 
It seems this is not a CVE according to https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565
Comment 7 errata-xmlrpc 2023-10-31 14:02:06 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5009 https://access.redhat.com/errata/RHSA-2023:5009