2220864 – (CVE-2023-25399) CVE-2023-25399 scipy: refcounting issue leads to potential memory leak

Bug 2220864 (CVE-2023-25399) - CVE-2023-25399 scipy: refcounting issue leads to potential memory leak

Summary: CVE-2023-25399 scipy: refcounting issue leads to potential memory leak

Keywords:
Status:	NEW
Alias:	CVE-2023-25399
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2221024 2221026 2221027 2221023 2221025 2221028 2221029 2221030 2221031 2221064 2221065 2221066 2221067 2221068 2221069 2221070
Blocks:	2220862
TreeView+	depends on / blocked

Reported:	2023-07-06 10:22 UTC by Rohit Keshri
Modified:	2024-01-01 01:09 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a memory leak flaw in the Py_FindObjects() function due to a new reference not being decreased. This flaw allows a local attacker to send a specially crafted request, forcing the application to leak memory and perform a denial of service attack.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Rohit Keshri 2023-07-06 10:22:46 UTC

** DISPUTED ** A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function.

https://github.com/scipy/scipy/issues/16235
https://github.com/scipy/scipy/pull/16397
http://www.square16.org/achievement/cve-2023-25399/
https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328

Comment 2 Rohit Keshri 2023-07-07 05:03:53 UTC

Created cura tracking bugs for this issue:

Affects: fedora-37 [bug 2221029]


Created espresso tracking bugs for this issue:

Affects: epel-8 [bug 2221027]


Created google-benchmark tracking bugs for this issue:

Affects: epel-7 [bug 2221025]
Affects: epel-8 [bug 2221028]
Affects: fedora-37 [bug 2221030]
Affects: fedora-38 [bug 2221031]


Created python3-scipy tracking bugs for this issue:

Affects: epel-7 [bug 2221026]


Created scipy tracking bugs for this issue:

Affects: fedora-37 [bug 2221023]
Affects: fedora-38 [bug 2221024]

Comment 5 Petr Viktorin (pviktori) 2023-07-10 06:20:36 UTC

This doesn't look like a security issue, see https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328

Note You need to log in before you can comment on or make changes to this bug.