—

PYSEC-2023-114

Details

** DISPUTED ** A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / scipy

Introduced in: 0 Fixed in: 1.8.0

Fix pip install --upgrade 'scipy>=1.8.0'

References

https://github.com/scipy/scipy/issues/14713 [EVIDENCE]
https://github.com/scipy/scipy/issues/14713 [REPORT]
http://www.square16.org/achievement/cve-2023-29824/ [WEB]
https://github.com/scipy/scipy/pull/15013 [FIX]
https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565 [EVIDENCE]
https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565 [REPORT]
https://github.com/advisories/GHSA-jrfm-2h82-xg28 [ADVISORY]