Vulnerabilities > CVE-2023-25399 - Unspecified vulnerability in Scipy
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.
Vulnerable Configurations
References
- http://www.square16.org/achievement/cve-2023-25399/
- http://www.square16.org/achievement/cve-2023-25399/
- https://github.com/scipy/scipy/issues/16235
- https://github.com/scipy/scipy/issues/16235
- https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328
- https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328
- https://github.com/scipy/scipy/pull/16397
- https://github.com/scipy/scipy/pull/16397