CVE-2020-28975: High severity scikit-learn vulnerability
DISPUTED: svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted SVM model (introduced via pickle, JSON, or any other model persistence format) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
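As an added, defender-side example (not from this advisory and not scikit-learn's own code): a consistency check to run on an SVM classifier immediately after deserializing it and before calling predict, so that a model whose `_n_support` bookkeeping does not match its support vectors is rejected instead of being handed to libsvm. The attribute names `_n_support`, `n_support_`, `support_vectors_` and `classes_` are scikit-learn's fitted `SVC`/`NuSVC` attributes; the invariants checked (one count per class, every count a non-negative integer, counts summing to the number of support-vector rows) are my reading of what those attributes mean for a fitted classifier and are stated here as assumptions. The `StandInSVC` class and the sample counts are constructed for the demonstration; with a real model you would pass the object returned by `pickle.load` or `joblib.load`.

```python
"""Sanity-check a deserialized scikit-learn SVM classifier before predict().

Added example, not from the advisory or from scikit-learn. It checks the
invariants a fitted SVC/NuSVC should satisfy (assumed from the documented
fitted attributes) so that a model whose _n_support array was altered in a
pickle or JSON file is rejected before libsvm's svm_predict_values sees it.
"""
from dataclasses import dataclass
from typing import Any, Sequence


class UntrustedModelError(ValueError):
    """Raised when a loaded SVM model fails a consistency check."""


def _as_list(value: Any) -> list:
    # Accept numpy arrays (via .tolist()) and plain sequences alike, so the
    # check itself does not depend on numpy being importable.
    tolist = getattr(value, "tolist", None)
    return list(tolist()) if callable(tolist) else list(value)


def check_svm_model(model: Any) -> dict:
    """Validate the support-vector bookkeeping of a loaded SVM classifier.

    Returns a small summary dict on success, raises UntrustedModelError otherwise.
    Assumed attribute names (scikit-learn fitted SVC/NuSVC):
      _n_support / n_support_ : per-class support vector counts
      support_vectors_        : 2-D array, one row per support vector
      classes_                : class labels
    """
    n_support = getattr(model, "_n_support", None)
    if n_support is None:
        n_support = getattr(model, "n_support_", None)
    if n_support is None:
        raise UntrustedModelError("model has no _n_support / n_support_ attribute")

    counts = _as_list(n_support)
    classes = _as_list(getattr(model, "classes_", []))
    n_sv = len(_as_list(getattr(model, "support_vectors_", [])))

    # libsvm uses these counts as offsets into the support-vector arrays, so a
    # negative, non-integer or oversized value turns into an out-of-bounds read.
    for i, c in enumerate(counts):
        if isinstance(c, bool) or not isinstance(c, int) or c < 0:
            raise UntrustedModelError(
                f"_n_support[{i}] = {c!r} is not a non-negative integer")

    # A classifier carries exactly one count per class.
    if len(counts) != len(classes):
        raise UntrustedModelError(
            f"_n_support has {len(counts)} entries but classes_ has {len(classes)}")

    # The counts must account for exactly the support vectors that are present.
    if sum(counts) != n_sv:
        raise UntrustedModelError(
            f"sum(_n_support) = {sum(counts)} but support_vectors_ has {n_sv} rows")

    return {"n_classes": len(classes), "n_support_vectors": n_sv, "per_class": counts}


def is_consistent(model: Any) -> bool:
    """Boolean wrapper around check_svm_model for use in a loading gate."""
    try:
        check_svm_model(model)
        return True
    except UntrustedModelError:
        return False


@dataclass
class StandInSVC:
    """Constructed stand-in carrying the fitted attributes of sklearn.svm.SVC.

    Only here so the example runs without scikit-learn installed; in real use
    pass the unpickled SVC/NuSVC object itself.
    """
    classes_: Sequence
    support_vectors_: Sequence
    _n_support: Sequence


def demo() -> tuple:
    """Constructed inputs: a consistent 2-class model with 3 support vectors,
    and the same model with _n_support inflated as the advisory describes."""
    sv = [[0.0, 1.0], [1.0, 0.0], [1.0, 1.0]]
    good = StandInSVC(classes_=[0, 1], support_vectors_=sv, _n_support=[2, 1])
    bad = StandInSVC(classes_=[0, 1], support_vectors_=sv, _n_support=[2, 2**31 - 1])
    summary = check_svm_model(good)
    return summary["n_support_vectors"], is_consistent(bad)


if __name__ == "__main__":
    print(demo())  # (3, False): the consistent model passes, the inflated one is rejected
```

The point of gating on these invariants is that deserialization sidesteps the vendor's "the application changed a private attribute" framing: unpickling restores whatever the file contains, so the application never assigns `_n_support` in its own code and yet the model arrives already inconsistent. The check is cheap and catches that case, but it only covers the one inconsistency the advisory names; it does not make loading pickles from an untrusted source safe, since a pickle can execute arbitrary code during loading regardless of what the model attributes look like.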
Frequently Asked Questions
What is the severity of CVE-2020-28975?
CVE-2020-28975 has been reported as a denial of service vulnerability that can lead to a segmentation fault.
How do I fix CVE-2020-28975?
To fix CVE-2020-28975, upgrade scikit-learn to version 1.0.1 or later.
Which software is affected by CVE-2020-28975?
CVE-2020-28975 affects scikit-learn versions between 0.23.2 and 1.0.1.
What does CVE-2020-28975 impact?
CVE-2020-28975 impacts the svm_predict_values function in the Libsvm implementation.
Can CVE-2020-28975 be exploited remotely?
Yes, CVE-2020-28975 can be exploited remotely through crafted model inputs.