Bug 28140

Summary: python-scikit-learn security issue CVE-2020-28975
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-28975
Whiteboard:
Source RPM: python-scikit-learn-0.23.2-1.mga8.src CVE: CVE-2020-28975
Status comment:

Description Zombie Ryushu 2021-01-17 11:57:50 CET 
** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
Zombie Ryushu 2021-01-17 11:58:02 CET

CVE: (none) => CVE-2020-28975

Comment 1 David Walser 2021-01-17 17:38:01 CET 
DISPUTED -> INVALID

Resolution: (none) => INVALID
Status: NEW => RESOLVED