svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-21T00:00:00

Updated: 2024-08-04T16:48:01.573Z

Reserved: 2020-11-21T00:00:00

Link: CVE-2020-28975

cve-icon Vulnrichment

Updated: 2024-08-04T16:48:01.573Z

cve-icon NVD

Status : Modified

Published: 2020-11-21T21:15:10.680

Modified: 2024-11-21T05:23:25.657

Link: CVE-2020-28975

cve-icon Redhat

No data.