** DISPUTED ** svm_predict_values in... CVE-2020-28975

- AV AC AU C I A
发布: 2020-11-21
修订: 2020-11-29

** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.

0%
暂无可用Exp或PoC
产品及版本信息(CPE)暂不可用