CVE-2023-29824 - Vulnerability Details - OpenCVE

ReportizFlow

A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Openshift
Scipy	Scipy

Configuration 1 [-]

cpe:2.3:a:scipy:scipy:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.14
google-benchmark-0:1.8.2-1.el9	cpe:/a:redhat:openshift:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z

References

Link	Providers
http://www.square16.org/achievement/cve-2023-29824/
https://github.com/scipy/scipy/issues/14713
https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565
https://github.com/scipy/scipy/pull/15013
https://nvd.nist.gov/vuln/detail/CVE-2023-29824
https://www.cve.org/CVERecord?id=CVE-2023-29824

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-06T00:00:00

Updated: 2024-08-02T14:14:40.034Z

Reserved: 2023-04-07T00:00:00

Link: CVE-2023-29824

Vulnrichment

Updated: 2024-08-02T14:14:40.034Z

NVD

Status : Modified

Published: 2023-07-06T21:15:09.060

Modified: 2024-11-21T07:57:33.280

Link: CVE-2023-29824

Redhat

Severity : Moderate

Publid Date: 2023-07-06T00:00:00Z

Links: CVE-2023-29824 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-29824", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T14:14:40.034Z", "dateReserved": "2023-04-07T00:00:00", "datePublished": "2023-07-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-11T00:00:00"}, "descriptions": [{"lang": "en", "value": "A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/scipy/scipy/issues/14713"}, {"url": "https://github.com/scipy/scipy/pull/15013"}, {"url": "http://www.square16.org/achievement/cve-2023-29824/"}, {"url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "affected": [{"vendor": "scipy", "product": "scipy", "cpes": ["cpe:2.3:a:scipy:scipy:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.8.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-22T19:30:04.549547Z", "id": "CVE-2023-29824", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T19:31:02.055Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:14:40.034Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/scipy/scipy/issues/14713", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/pull/15013", "tags": ["x_transferred"]}, {"url": "http://www.square16.org/achievement/cve-2023-29824/", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/scipy/scipy/issues/14713", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/pull/15013", "tags": ["x_transferred"]}, {"url": "http://www.square16.org/achievement/cve-2023-29824/", "tags": ["x_transferred"]}, {"url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:14:40.034Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-29824", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-22T19:30:04.549547Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scipy:scipy:-:*:*:*:*:*:*:*"], "vendor": "scipy", "product": "scipy", "versions": [{"status": "affected", "version": "0", "lessThan": "1.8.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T19:30:57.655Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/scipy/scipy/issues/14713"}, {"url": "https://github.com/scipy/scipy/pull/15013"}, {"url": "http://www.square16.org/achievement/cve-2023-29824/"}, {"url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565"}], "descriptions": [{"lang": "en", "value": "A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-11T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-29824", "state": "PUBLISHED", "dateUpdated": "2024-08-02T14:14:40.034Z", "dateReserved": "2023-04-07T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-07-06T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scipy:scipy:*:*:*:*:*:*:*:*", "matchCriteriaId": "45B081D4-BADE-416C-9575-981B366EDDB3", "versionEndExcluding": "1.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue."}, {"lang": "es", "value": " Se descubri\u00f3 un problema de use-after-free en la funci\u00f3n Py_FindObjects() en versiones de SciPy anteriores a la 1.8.0. NOTA: el proveedor y el descubridor indican que esto no es un problema de seguridad."}], "id": "CVE-2023-29824", "lastModified": "2024-11-21T07:57:33.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-07-06T21:15:09.060", "references": [{"source": "[email protected]", "tags": ["Product"], "url": "http://www.square16.org/achievement/cve-2023-29824/"}, {"source": "[email protected]", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/scipy/scipy/issues/14713"}, {"source": "[email protected]", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/scipy/scipy/pull/15013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "http://www.square16.org/achievement/cve-2023-29824/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/scipy/scipy/issues/14713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/scipy/scipy/pull/15013"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:5009", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "google-benchmark-0:1.8.2-1.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}], "bugzilla": {"description": "scipy: use-after-free in Py_FindObjects() function", "id": "2221034", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221034"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.", "A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a use-after-free bug in the Py_FindObjects() function. By sending a specially crafted request, an attacker can cause a denial of service condition."], "name": "CVE-2023-29824", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python27:2.7/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3.11-scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python36:3.6/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python39:3.9/scipy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "python3.11-scipy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "scipy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "python-sortedcontainers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python38-scipy", "product_name": "Red Hat Software Collections"}], "public_date": "2023-07-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-29824\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29824\nhttp://www.square16.org/achievement/cve-2023-29824/\nhttps://github.com/scipy/scipy/issues/14713#issuecomment-1629468565"], "statement": "This CVE is disputed as per upstream - https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565", "threat_severity": "Moderate"}