CVE-2023-25399 - OpenCVE

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Scipy	Scipy

Configuration 1 [-]

cpe:2.3:a:scipy:scipy:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.square16.org/achievement/cve-2023-25399/	Third Party Advisory
https://github.com/scipy/scipy/issues/16235	Exploit Issue Tracking Patch Vendor Advisory
https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328
https://github.com/scipy/scipy/pull/16397	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-05T00:00:00

Updated: 2024-06-04T17:18:44.283Z

Reserved: 2023-02-06T00:00:00

Link: CVE-2023-25399

JSON object: View

NVD Information

Status : Modified

Published: 2023-07-05T17:15:09.320

Modified: 2024-06-04T19:17:24.313

Link: CVE-2023-25399

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-25399", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-06-04T17:18:44.283Z", "dateReserved": "2023-02-06T00:00:00", "datePublished": "2023-07-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-13T22:13:32.327721"}, "descriptions": [{"lang": "en", "value": "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/scipy/scipy/issues/16235"}, {"url": "https://github.com/scipy/scipy/pull/16397"}, {"url": "http://www.square16.org/achievement/cve-2023-25399/"}, {"url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-25399", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T19:33:37.465319Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scipy:scipy:-:*:*:*:*:*:*:*"], "vendor": "scipy", "product": "scipy", "versions": [{"status": "affected", "version": "0", "lessThan": "1.10.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:18:44.283Z"}}]}, "dataVersion": "5.1"}