{"data":{"id":"ba619926-87b4-402c-a4cc-e4e1fa5bb8a1","title":"CVE-2020-28975: svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault)","summary":"A vulnerability in the svm_predict_values function of Libsvm v324 (a machine learning library used by scikit-learn 0.23.2) allows attackers to crash a program by supplying it with a specially crafted machine learning model that has an extremely large value in the _n_support array, causing a segmentation fault (a type of crash where the program tries to access memory it shouldn't). The scikit-learn developers noted that this only happens if an application violates the library's API by modifying private attributes.","solution":"A patch is available in scikit-learn at commit 1bf13d567d3cd74854aa8343fd25b61dd768bb85 on GitHub, as referenced in the source material.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2020-28975","publishedAt":"2020-11-22T02:15:10.680Z","cveId":"CVE-2020-28975","cweIds":null,"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["scikit-learn","Libsvm"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00815,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}