CVE-2023-25399 - Vulnerability Details - OpenCVE

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0016.

Key SSVC decision points have not yet been added.

Vendors	Products
Scipy	Scipy

Configuration 1 [-]

cpe:2.3:a:scipy:scipy:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-0234	A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function.
Github GHSA	GHSA-9jx5-6pgf-crrp	Withdrawn: scipy memory leak vulnerability
Ubuntu USN	USN-6226-1	SciPy vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.square16.org/achievement/cve-2023-25399/
https://github.com/scipy/scipy/issues/16235
https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328
https://github.com/scipy/scipy/pull/16397
https://nvd.nist.gov/vuln/detail/CVE-2023-25399
https://www.cve.org/CVERecord?id=CVE-2023-25399

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-05T00:00:00

Updated: 2024-08-02T11:18:36.341Z

Reserved: 2023-02-06T00:00:00

Link: CVE-2023-25399

Vulnrichment

Updated: 2024-08-02T11:18:36.341Z

NVD

Status : Modified

Published: 2023-07-05T17:15:09.320

Modified: 2024-11-21T07:49:28.527

Link: CVE-2023-25399

Redhat

Severity : Moderate

Publid Date: 2023-07-06T00:00:00Z

Links: CVE-2023-25399 - Bugzilla

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-25399", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T11:18:36.341Z", "dateReserved": "2023-02-06T00:00:00", "datePublished": "2023-07-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-13T22:13:32.327721"}, "descriptions": [{"lang": "en", "value": "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/scipy/scipy/issues/16235"}, {"url": "https://github.com/scipy/scipy/pull/16397"}, {"url": "http://www.square16.org/achievement/cve-2023-25399/"}, {"url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-25399", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T19:33:37.465319Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scipy:scipy:-:*:*:*:*:*:*:*"], "vendor": "scipy", "product": "scipy", "versions": [{"status": "affected", "version": "0", "lessThan": "1.10.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:18:44.283Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:36.341Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/scipy/scipy/issues/16235", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/pull/16397", "tags": ["x_transferred"]}, {"url": "http://www.square16.org/achievement/cve-2023-25399/", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/scipy/scipy/issues/16235", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/pull/16397", "tags": ["x_transferred"]}, {"url": "http://www.square16.org/achievement/cve-2023-25399/", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:36.341Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-25399", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T19:33:37.465319Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scipy:scipy:-:*:*:*:*:*:*:*"], "vendor": "scipy", "product": "scipy", "versions": [{"status": "affected", "version": "0", "lessThan": "1.10.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T19:35:34.844Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/scipy/scipy/issues/16235"}, {"url": "https://github.com/scipy/scipy/pull/16397"}, {"url": "http://www.square16.org/achievement/cve-2023-25399/"}, {"url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328"}], "descriptions": [{"lang": "en", "value": "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-13T22:13:32.327721"}}}, "cveMetadata": {"cveId": "CVE-2023-25399", "state": "PUBLISHED", "dateUpdated": "2024-08-02T11:18:36.341Z", "dateReserved": "2023-02-06T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-07-05T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scipy:scipy:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DF61E05-B983-4CF9-AF1E-4C498AFF89CA", "versionEndExcluding": "1.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly."}], "id": "CVE-2023-25399", "lastModified": "2024-11-21T07:49:28.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-07-05T17:15:09.320", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.square16.org/achievement/cve-2023-25399/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/scipy/scipy/issues/16235"}, {"source": "cve@mitre.org", "url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/scipy/scipy/pull/16397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.square16.org/achievement/cve-2023-25399/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/scipy/scipy/issues/16235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/scipy/scipy/pull/16397"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "scipy: refcounting issue leads to potential memory leak", "id": "2220864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2220864"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.", "A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a memory leak flaw in the Py_FindObjects() function due to a new reference not being decreased. This flaw allows a local attacker to send a specially crafted request, forcing the application to leak memory and perform a denial of service attack."], "name": "CVE-2023-25399", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python27:2.7/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3.11-scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python36:3.6/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python39:3.9/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "python3.11-scipy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "google-benchmark", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "python-sortedcontainers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python38-scipy", "product_name": "Red Hat Software Collections"}], "public_date": "2023-07-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-25399\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25399\nhttp://www.square16.org/achievement/cve-2023-25399/\nhttps://github.com/scipy/scipy/issues/16235#issuecomment-1625361328"], "statement": "This CVE is disputed as per upstream - https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328.", "threat_severity": "Moderate"}