CVE-2023-25399 - Vulnerability Details - OpenCVE

ReportizFlow

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Scipy	Scipy

Configuration 1 [-]

cpe:2.3:a:scipy:scipy:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.square16.org/achievement/cve-2023-25399/
https://github.com/scipy/scipy/issues/16235
https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328
https://github.com/scipy/scipy/pull/16397
https://nvd.nist.gov/vuln/detail/CVE-2023-25399
https://www.cve.org/CVERecord?id=CVE-2023-25399

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-05T00:00:00

Updated: 2024-08-02T11:18:36.341Z

Reserved: 2023-02-06T00:00:00

Link: CVE-2023-25399

Vulnrichment

Updated: 2024-08-02T11:18:36.341Z

NVD

Status : Modified

Published: 2023-07-05T17:15:09.320

Modified: 2024-11-21T07:49:28.527

Link: CVE-2023-25399

Redhat

Severity : Moderate

Publid Date: 2023-07-06T00:00:00Z

Links: CVE-2023-25399 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-25399", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T11:18:36.341Z", "dateReserved": "2023-02-06T00:00:00", "datePublished": "2023-07-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-13T22:13:32.327721"}, "descriptions": [{"lang": "en", "value": "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/scipy/scipy/issues/16235"}, {"url": "https://github.com/scipy/scipy/pull/16397"}, {"url": "http://www.square16.org/achievement/cve-2023-25399/"}, {"url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-25399", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T19:33:37.465319Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scipy:scipy:-:*:*:*:*:*:*:*"], "vendor": "scipy", "product": "scipy", "versions": [{"status": "affected", "version": "0", "lessThan": "1.10.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:18:44.283Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:36.341Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/scipy/scipy/issues/16235", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/pull/16397", "tags": ["x_transferred"]}, {"url": "http://www.square16.org/achievement/cve-2023-25399/", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/scipy/scipy/issues/16235", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/pull/16397", "tags": ["x_transferred"]}, {"url": "http://www.square16.org/achievement/cve-2023-25399/", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:36.341Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-25399", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T19:33:37.465319Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scipy:scipy:-:*:*:*:*:*:*:*"], "vendor": "scipy", "product": "scipy", "versions": [{"status": "affected", "version": "0", "lessThan": "1.10.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T19:35:34.844Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/scipy/scipy/issues/16235"}, {"url": "https://github.com/scipy/scipy/pull/16397"}, {"url": "http://www.square16.org/achievement/cve-2023-25399/"}, {"url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328"}], "descriptions": [{"lang": "en", "value": "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-13T22:13:32.327721"}}}, "cveMetadata": {"cveId": "CVE-2023-25399", "state": "PUBLISHED", "dateUpdated": "2024-08-02T11:18:36.341Z", "dateReserved": "2023-02-06T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-07-05T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scipy:scipy:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DF61E05-B983-4CF9-AF1E-4C498AFF89CA", "versionEndExcluding": "1.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly."}], "id": "CVE-2023-25399", "lastModified": "2024-11-21T07:49:28.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-07-05T17:15:09.320", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "http://www.square16.org/achievement/cve-2023-25399/"}, {"source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/scipy/scipy/issues/16235"}, {"source": "[email protected]", "url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/scipy/scipy/pull/16397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.square16.org/achievement/cve-2023-25399/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/scipy/scipy/issues/16235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/scipy/scipy/pull/16397"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "scipy: refcounting issue leads to potential memory leak", "id": "2220864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2220864"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.", "A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a memory leak flaw in the Py_FindObjects() function due to a new reference not being decreased. This flaw allows a local attacker to send a specially crafted request, forcing the application to leak memory and perform a denial of service attack."], "name": "CVE-2023-25399", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python27:2.7/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3.11-scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python36:3.6/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python39:3.9/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "python3.11-scipy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "google-benchmark", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "python-sortedcontainers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python38-scipy", "product_name": "Red Hat Software Collections"}], "public_date": "2023-07-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-25399\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25399\nhttp://www.square16.org/achievement/cve-2023-25399/\nhttps://github.com/scipy/scipy/issues/16235#issuecomment-1625361328"], "statement": "This CVE is disputed as per upstream - https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328.", "threat_severity": "Moderate"}