2221034 – (CVE-2023-29824) CVE-2023-29824 scipy: use-after-free in Py_FindObjects() function

Bug 2221034 (CVE-2023-29824) - CVE-2023-29824 scipy: use-after-free in Py_FindObjects() function

Summary: CVE-2023-29824 scipy: use-after-free in Py_FindObjects() function

Keywords:
Status:	NEW
Alias:	CVE-2023-29824
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2221052 2221053 2221051 2221054 2221055 2221056 2221057 2221058 2221059 2221074 2221075 2221076 2221077 2221078 2221079 2221080
Blocks:	2220862
TreeView+	depends on / blocked

Reported:	2023-07-07 05:20 UTC by Rohit Keshri
Modified:	2024-04-24 11:33 UTC (History)
CC List:	15 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a use-after-free bug in the Py_FindObjects() function. By sending a specially crafted request, an attacker can cause a denial of service condition.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:5009	0	None	None	None	2023-10-31 14:02:08 UTC

Description Rohit Keshri 2023-07-07 05:20:00 UTC

** DISPUTED ** A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0.

https://github.com/scipy/scipy/issues/14713
http://www.square16.org/achievement/cve-2023-29824/
https://github.com/scipy/scipy/pull/15013
https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565

Comment 1 TEJ RATHI 2023-07-07 06:51:29 UTC

Created cura tracking bugs for this issue:

Affects: fedora-37 [bug 2221055]


Created espresso tracking bugs for this issue:

Affects: epel-8 [bug 2221053]


Created google-benchmark tracking bugs for this issue:

Affects: epel-7 [bug 2221051]
Affects: epel-8 [bug 2221054]
Affects: fedora-37 [bug 2221056]
Affects: fedora-38 [bug 2221058]


Created python3-scipy tracking bugs for this issue:

Affects: epel-7 [bug 2221052]


Created scipy tracking bugs for this issue:

Affects: fedora-37 [bug 2221057]
Affects: fedora-38 [bug 2221059]

Comment 6 Charalampos Stratakis 2023-07-11 16:31:42 UTC

It seems this is not a CVE according to https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565

Comment 7 errata-xmlrpc 2023-10-31 14:02:06 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5009 https://access.redhat.com/errata/RHSA-2023:5009

Note You need to log in before you can comment on or make changes to this bug.