CVE-2020-28975

First published: Sat Nov 21 2020(Updated: )

** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.

Credit: cve@mitre.org cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/type
• agent/severity
• agent/references
• agent/remedy
• agent/status
• agent/author
• agent/softwarecombine
• collector/nvd-cve
• source/NVD
• agent/software-canonical-lookup
• agent/description
• collector/github-advisory
• source/GitHub
• alias/GHSA-jxfp-4rvq-9h9m
• alias/CVE-2020-28975
• agent/tags
• agent/first-publish-date
• agent/event
• collector/mitre-cve
• source/MITRE
• collector/nvd-api
• agent/last-modified-date
• collector/github-advisory-latest
• status/disputed
• vendor/scikit-learn
• canonical/scikit-learn scikit-learn
• version/scikit-learn scikit-learn/0.23.2
• package-manager/pip