GHSA-9jx5-6pgf-crrp

Source

https://github.com/advisories/GHSA-9jx5-6pgf-crrp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-9jx5-6pgf-crrp/GHSA-9jx5-6pgf-crrp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9jx5-6pgf-crrp

Withdrawn

2024-05-14T20:15:44Z

Published

2023-07-05T18:30:44Z

Modified

2024-05-14T20:30:59.309817Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Withdrawn: scipy memory leak vulnerability

Details

Withdrawn Advisory

This advisory has been withdrawn because it has been found to not be an issue. Please see the issue here for more information.

Original Description

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function.

Database specific

{
    "nvd_published_at": "2023-07-05T17:15:09Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2023-07-06T21:01:56Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ]
}

References

Affected packages

PyPI / scipy

Package

Name: scipy; View open source insights on deps.dev
Purl: pkg:pypi/scipy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.0

Affected versions

0.*

0.4.4

0.5.2

0.6.0

0.7.0

0.7.2

0.8.0

0.9.0

0.10.0

0.10.1

0.11.0

0.12.0

0.12.1

0.13.0

0.13.1

0.13.2

0.13.3

0.14.0

0.14.1

0.15.0

0.15.1

0.16.0

0.16.1

0.17.0

0.17.1

0.18.0

0.18.1

0.19.0

0.19.1

1.*

1.0.0

1.0.1

1.1.0

1.2.0

1.2.1

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.3.3

1.4.0

1.4.1

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.6.0

1.6.1

1.6.2

1.6.3

1.7.0

1.7.1

1.7.2

1.7.3

1.8.0rc1

1.8.0rc2

1.8.0rc3

1.8.0rc4

1.8.0

1.8.1

1.9.0rc1

1.9.0rc2

1.9.0rc3

1.9.0

1.9.1

1.9.2

1.9.3

1.10.0rc1

1.10.0rc2