sckit_learn is vulnerable to denial of service (DoS). The vulnerability exists through a SVM model with a large value in the _n_support
array caused by svm_predict_values
in svm.cpp
in Libsvm v324.
CPE | Name | Operator | Version |
---|---|---|---|
scikit-learn | le | 1.0 | |
scikit-learn | le | 1.0 |
packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html
seclists.org/fulldisclosure/2020/Nov/44
github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501
github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85
github.com/scikit-learn/scikit-learn/commit/dd3e3d8ef69228e81506ae12a52d92e2510b280e
github.com/scikit-learn/scikit-learn/issues/18891
github.com/scikit-learn/scikit-learn/pull/21336
security.gentoo.org/glsa/202301-03