
CVE-2023-25399: Withdrawn: scipy memory leak vulnerability

CVSS Score: 5.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.37466%
Published: 7/5/2023
Updated: 5/14/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| scipy | pip | < 1.10.0 | 1.10.0 |

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The commit diff shows fixes to reference counting in Py_FindObjects:

  1. Reusing the pre-declared 'tuple' variable instead of creating a new local one ensures proper reference tracking.
  2. Changing Py_XDECREF to Py_DECREF for the 'start/end' variables aligns with the guarantee that these pointers are non-NULL at that point.

These changes directly address memory management errors in the original code, confirming Py_FindObjects as the vulnerable function. Though the advisory was withdrawn (as SciPy isn't meant for untrusted input), the technical analysis of the code confirms the refcounting flaw.
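A constructed illustration of the two patterns the analysis describes (added here; not SciPy's code and not the real Py_FindObjects body): a minimal stand-in for CPython's refcount macros, the shadowed-variable shape that drops one reference per iteration, and the corrected shape that reuses the pre-declared variable.

```c
#include <stdio.h>

/* Constructed stand-in for CPython's object header and refcount macros, so the
   example runs without Python.h: objects come from a static pool and
   'live_objects' counts those whose refcount never reached zero. */
typedef struct { long ob_refcnt; } PyObject;
static PyObject pool[64];
static int next_slot = 0;
static long live_objects = 0;

static PyObject *new_tuple(void) {
    PyObject *o = &pool[next_slot++ % 64];
    o->ob_refcnt = 1;
    live_objects++;
    return o;
}
#define Py_DECREF(o)  do { if (--(o)->ob_refcnt == 0) live_objects--; } while (0)
#define Py_XDECREF(o) do { if ((o) != NULL) Py_DECREF(o); } while (0)

/* Buggy shape: a new local 'tuple' inside the loop shadows the pre-declared
   one, so the cleanup at the end only ever sees the outer NULL pointer. */
static void find_objects_buggy(int n) {
    PyObject *tuple = NULL;
    for (int i = 0; i < n; i++) {
        PyObject *tuple = new_tuple();   /* shadows the outer 'tuple' */
        (void)tuple;                     /* this reference is never released */
    }
    Py_XDECREF(tuple);                   /* outer pointer is still NULL */
}

/* Fixed shape: reuse the pre-declared variable so each reference it holds is
   released. The pointer is known non-NULL here, the same guarantee the analysis
   cites for 'start/end', so a plain Py_DECREF replaces Py_XDECREF. */
static void find_objects_fixed(int n) {
    PyObject *tuple = NULL;
    for (int i = 0; i < n; i++) {
        tuple = new_tuple();
        Py_DECREF(tuple);
    }
}

/* Run one variant from a clean pool and report how many objects it leaked. */
long leaked_after(void (*fn)(int), int n) {
    next_slot = 0;
    live_objects = 0;
    fn(n);
    return live_objects;
}

int main(void) {
    printf("buggy: %ld leaked, fixed: %ld leaked\n",
           leaked_after(find_objects_buggy, 5), leaked_after(find_objects_fixed, 5));
    return 0;
}
```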

Vulnerable functions


WAF Protection Rules

WAF Rule

## Withdrawn advisory

This advisory has been withdrawn because it has been found to not be an issue. Please see the issue [here](https://github.com/scipy/scipy/issues/*****#issuecomment-**********) for more information.

## Original description

A r
