ALT-PU-2023-6666-2

Package update python3-module-scikit-learn in branch sisyphus

Version1.3.0-alt1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (3)

HIGH7.5

Уязвимость функции svm_predict_values (svm.cpp) библиотеки машинного обучения scikit-learn, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-09-18

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2020-28975

HIGH7.5

svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.

Published: 2020-11-21Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

GHSA-jxfp-4rvq-9h9m

HIGH7.5

scikit-learn Denial of Service

Published: 2022-05-24Modified: 2024-10-23

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Closed bugs (1)

Update to 1.3.1