lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 26 Nov 2020 23:01:14 +0100
From: pabloec20 <>
Subject: [FD] scikit-learn 0.23.2 Local Denial of Service


svm_predict_values in svm.cpp in  Libsvm  v324, as used in scikit-learn
0.23.2 and other products, allows attackers to  cause a denial of service
(segmentation fault) via  a crafted model SVM (introduced via  pickle,
json, or any other model permanence technique) with a large value in the
_n_support array.



[Vendor of Product]


[Affected Product Code Base]

 scikit-learn - 0.23.2

[Affected Component]


[Attack Type]



  Denial of Service

[Attack Vectors]

 specially crafted file




Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists