9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-29824

CVE-2023-29824: Withdrawn: Use after free in SciPy

Withdrawn Advisory

This advisory has been withdrawn because it has been found to not be an issue. Please see the issue here for more information.

Original Description

A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-29824

CVE-2023-29824:

9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
scipy	pip	< 1.8.0	1.8.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit e32fc23 shows removal of an extra Py_XDECREF(result) call in Py_FindObjects' error path. The original code had two decref calls (lines 924 and 931) when errors occurred. This matches the classic use-after-free pattern where an object's reference count is over-decremented, potentially freeing it prematurely. The vulnerability was explicitly addressed in PR #15013 and the CVE description specifically calls out Py_FindObjects as the affected function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-29824: Withdrawn: Use after free in SciPy

Withdrawn Advisory

Original Description

CVE-2023-29824:

9.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2023-29824: Withdrawn: Use after free in SciPy

Withdrawn Advisory

Original Description

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

9.8

9.8

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI