CVE-2023-29824 - Vulnerability Details - OpenCVE

A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00374.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat Subscribe	Openshift Subscribe
Scipy Subscribe	Scipy Subscribe

Configuration 1 [-]

cpe:2.3:a:scipy:scipy:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.14
google-benchmark-0:1.8.2-1.el9	cpe:/a:redhat:openshift:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-jrfm-2h82-xg28	Withdrawn: Use after free in SciPy
Ubuntu USN	USN-6226-1	SciPy vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.square16.org/achievement/cve-2023-29824/
https://github.com/scipy/scipy/issues/14713
https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565
https://github.com/scipy/scipy/pull/15013
https://nvd.nist.gov/vuln/detail/CVE-2023-29824
https://www.cve.org/CVERecord?id=CVE-2023-29824

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-06T00:00:00

Updated: 2024-08-02T14:14:40.034Z

Reserved: 2023-04-07T00:00:00

Link: CVE-2023-29824

Vulnrichment

Updated: 2024-08-02T14:14:40.034Z

NVD

Status : Modified

Published: 2023-07-06T21:15:09.060

Modified: 2024-11-21T07:57:33.280

Link: CVE-2023-29824

Redhat

Severity : Moderate

Publid Date: 2023-07-06T00:00:00Z

Links: CVE-2023-29824 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-416

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-29824", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T14:14:40.034Z", "dateReserved": "2023-04-07T00:00:00", "datePublished": "2023-07-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-11T00:00:00"}, "descriptions": [{"lang": "en", "value": "A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/scipy/scipy/issues/14713"}, {"url": "https://github.com/scipy/scipy/pull/15013"}, {"url": "http://www.square16.org/achievement/cve-2023-29824/"}, {"url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "affected": [{"vendor": "scipy", "product": "scipy", "cpes": ["cpe:2.3:a:scipy:scipy:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.8.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-22T19:30:04.549547Z", "id": "CVE-2023-29824", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T19:31:02.055Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:14:40.034Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/scipy/scipy/issues/14713", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/pull/15013", "tags": ["x_transferred"]}, {"url": "http://www.square16.org/achievement/cve-2023-29824/", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/scipy/scipy/issues/14713", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/pull/15013", "tags": ["x_transferred"]}, {"url": "http://www.square16.org/achievement/cve-2023-29824/", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:14:40.034Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-29824", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-22T19:30:04.549547Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scipy:scipy:-:*:*:*:*:*:*:*"], "vendor": "scipy", "product": "scipy", "versions": [{"status": "affected", "version": "0", "lessThan": "1.8.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T19:30:57.655Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/scipy/scipy/issues/14713"}, {"url": "https://github.com/scipy/scipy/pull/15013"}, {"url": "http://www.square16.org/achievement/cve-2023-29824/"}, {"url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565"}], "descriptions": [{"lang": "en", "value": "A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-11T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-29824", "state": "PUBLISHED", "dateUpdated": "2024-08-02T14:14:40.034Z", "dateReserved": "2023-04-07T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-07-06T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scipy:scipy:*:*:*:*:*:*:*:*", "matchCriteriaId": "45B081D4-BADE-416C-9575-981B366EDDB3", "versionEndExcluding": "1.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue."}, {"lang": "es", "value": " Se descubri\u00f3 un problema de use-after-free en la funci\u00f3n Py_FindObjects() en versiones de SciPy anteriores a la 1.8.0. NOTA: el proveedor y el descubridor indican que esto no es un problema de seguridad."}], "id": "CVE-2023-29824", "lastModified": "2024-11-21T07:57:33.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-07-06T21:15:09.060", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "http://www.square16.org/achievement/cve-2023-29824/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/scipy/scipy/issues/14713"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/scipy/scipy/pull/15013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "http://www.square16.org/achievement/cve-2023-29824/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/scipy/scipy/issues/14713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/scipy/scipy/pull/15013"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:5009", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "google-benchmark-0:1.8.2-1.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}], "bugzilla": {"description": "scipy: use-after-free in Py_FindObjects() function", "id": "2221034", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221034"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.", "A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a use-after-free bug in the Py_FindObjects() function. By sending a specially crafted request, an attacker can cause a denial of service condition."], "name": "CVE-2023-29824", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python27:2.7/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3.11-scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python36:3.6/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python39:3.9/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "python3.11-scipy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "python-sortedcontainers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python38-scipy", "product_name": "Red Hat Software Collections"}], "public_date": "2023-07-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-29824\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29824\nhttp://www.square16.org/achievement/cve-2023-29824/\nhttps://github.com/scipy/scipy/issues/14713#issuecomment-1629468565"], "statement": "This CVE is disputed as per upstream - https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565", "threat_severity": "Moderate"}