CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

A use-after-free issue was discovered in the Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue. A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a use-after-free bug in the Py_FindObjects() function. By sending a specially crafted request, an attacker can cause a denial of service condition.

References:
http://www.square16.org/achievement/cve-2023-29824
https://github.com/scipy/scipy/issues/14713
https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565
https://github.com/scipy/scipy/pull/15013
https://access.redhat.com/security/cve/CVE-2023-29824
https://bugzilla.redhat.com/show_bug.cgi?id=2221034

CWE-416: Use After Free

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

A refcounting issue which leads to a potential memory leak was discovered in SciPy commit 8627df31ab in the Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.

References:
http://www.square16.org/achievement/cve-2023-25399
https://github.com/scipy/scipy/issues/16235
https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328
https://github.com/scipy/scipy/pull/16397

CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

References:
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120696.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119759.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119771.html
http://www.securityfocus.com/bid/63008
https://access.redhat.com/security/cve/cve-2013-4251
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4251
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4251
https://exchange.xforce.ibmcloud.com/vulnera

CWE-269: Improper Privilege Management