Все бюллетени/sisyphus_riscv64/ALT-PU-2023-8283-1
ALT-PU-2023-8283-1

Обновление пакета python3-module-scikit-learn в ветке sisyphus_riscv64

Версия1.3.0-alt2
Задание#0
Опубликовано2023-12-22
Макс. серьёзностьHIGH
Серьёзность:

Закрытые проблемы (1)

CVE-2020-28975
HIGH7.5

svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.

Опубликовано: 2020-11-21Изменено: 2024-11-21
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ссылки

Закрытые ошибки (1)