Executive Summary

Information
Name : CVE-2020-28975
Vendor : Cve
First vendor Publication : 2020-11-21
Last vendor Modification : 2020-11-23

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : N/A
Cvss Impact Score : N/A
Cvss Exploit Score : N/A
Attack Range : N/A
Attack Complexity : N/A
Authentication : N/A

Detail

** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28975

Sources (Detail)

Source Url
MISC https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a...
https://github.com/scikit-learn/scikit-learn/issues/18891

Alert History

Date : Information
2020-11-24 05:22:52 : Multiple Updates
2020-11-23 17:22:51 : Multiple Updates
2020-11-22 05:22:53 : First insertion