CVE-2023-29824

CRITICAL

scipy < 1.8.0 - Use-After-Free in Py_FindObjects()

Title source: llm

Description

A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.

References (4)

Core 4

Core References

Product

http://www.square16.org/achievement/cve-2023-29824/

Exploit, Issue Tracking

https://github.com/scipy/scipy/issues/14713

Exploit, Issue Tracking

https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565

Patch

https://github.com/scipy/scipy/pull/15013

Scores

CVSS v3 9.8

EPSS 0.0111

EPSS Percentile 61.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-416

Status published

Products (2)

pypi/scipy 0 - 1.8.0PyPI

scipy/scipy < 1.8.0

Published Jul 06, 2023

Tracked Since Feb 18, 2026