CVE-2023-25399
Memory Leak vulnerability in scipy (PyPI)

Memory Leak | No known exploit

What is CVE-2023-25399 About?

This vulnerability in SciPy (commit 8627df31ab) is a refcounting issue within the `Py_FindObjects()` function, which can lead to a potential memory leak. Such a leak can degrade system performance and eventually lead to a denial of service if memory is sufficiently exhausted. Exploitation complexity is moderate, requiring specific conditions to trigger the refcounting error.

Affected Software

scipy <1.10.0

Technical Details

The vulnerability in SciPy commit 8627df31ab stems from an incorrect reference counting mechanism within the Py_FindObjects() function in SciPy's C extension code. In CPython, reference counting is the primary memory-management mechanism: an object is deallocated as soon as its reference count drops to zero. A refcounting issue means that an object's reference count is not decremented when it should be (in C extension code, typically a missing Py_DECREF on some code path), so memory that is no longer needed remains allocated. Over time, repeated calls to Py_FindObjects() under the specific conditions that trigger this bug continuously accumulate unreleased memory, causing a memory leak. This leakage can eventually exhaust available system memory, leading to performance degradation, instability, or a denial of service condition.
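A leak of the kind described above is easy to miss in normal testing because no call fails; only the reference count and the heap keep growing. The regression check below is an added example, not SciPy's code and not the fix from commit 8627df31ab: it calls a function repeatedly against a probe object and reports whether the probe's reference count and the traced heap return to their baselines. `leaky_find` and `clean_find` are constructed stand-ins for an extension routine that forgets a decref and for its fixed counterpart; `refcount_drift` and `heap_growth` are hypothetical helper names.

```python
"""Regression check for refcount and heap leaks in a callable.

A C-API routine that forgets a Py_DECREF leaves its argument's reference count
one higher after every call. CPython exposes the live count through
sys.getrefcount(), so a test can call the routine many times and confirm the
count of a probe object comes back to its starting value. tracemalloc covers
the complementary case where the leaked object is one the routine allocated
itself rather than the caller's argument.

leaky_find() and clean_find() are constructed stand-ins for illustration;
they are not SciPy functions.
"""
import gc
import sys
import tracemalloc

_stash = []  # stands in for references a buggy extension never releases


def leaky_find(obj):
    """Constructed stand-in for a routine that never drops its reference."""
    _stash.append(obj)  # equivalent of a missing Py_DECREF on every call
    return len(_stash)


def clean_find(obj):
    """Constructed stand-in for the fixed routine: uses obj, retains nothing."""
    return id(obj) is not None


def refcount_drift(func, probe, iterations=1000):
    """Return how many extra references to `probe` survive `iterations` calls.

    0 means balanced refcounting. A value equal to `iterations` is the
    signature of one reference leaked per call.
    """
    gc.collect()
    before = sys.getrefcount(probe)
    for _ in range(iterations):
        func(probe)
    gc.collect()
    return sys.getrefcount(probe) - before


def heap_growth(func, make_arg, iterations=1000):
    """Return net bytes still allocated after `iterations` calls on fresh args.

    tracemalloc sees allocations made through the CPython allocators
    (PyObject_Malloc and friends), so objects leaked inside a C extension
    appear here even when the caller's own argument is released correctly.
    The comparison includes the small, fixed cost of the baseline snapshot,
    so treat the result as a trend over `iterations`, not an exact byte count.
    """
    tracemalloc.start()
    gc.collect()
    base = tracemalloc.take_snapshot()
    for _ in range(iterations):
        func(make_arg())
    gc.collect()
    after = tracemalloc.take_snapshot()
    tracemalloc.stop()
    return sum(stat.size_diff for stat in after.compare_to(base, "filename"))


if __name__ == "__main__":
    probe = []  # a fresh, non-interned object with no other referents
    for name, fn in (("leaky_find", leaky_find), ("clean_find", clean_find)):
        drift = refcount_drift(fn, probe, 1000)
        growth = heap_growth(fn, lambda: bytearray(1024), 1000)
        print(f"{name}: refcount drift={drift:+d}, heap growth={growth:+d} bytes")
```

In a CI job the same two helpers run against the real extension function with a representative input; a non-zero drift or steadily rising growth across runs flags a refcount bug long before a long-running service exhausts memory. On a debug build of CPython, `sys.gettotalrefcount()` gives the same signal across all objects at once.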

What is the Impact of CVE-2023-25399?

Successful exploitation may allow attackers to cause memory exhaustion, leading to system instability or denial of service.

What is the Exploitability of CVE-2023-25399?

Exploitation requires moderate complexity, as it depends on triggering specific code paths within the Py_FindObjects() function that lead to the refcounting error. No specific authentication or privilege is necessarily required if the vulnerable function can be called via user-supplied input or an application programming interface. The vulnerability is typically local, affecting an application using SciPy, but could be triggered remotely if the application exposes an interface that calls the affected code. The likelihood of exploitation increases in long-running processes or services that frequently execute operations involving object introspection or similar memory management tasks, leading to cumulative memory leaks.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known exploits

What are the Available Fixes for CVE-2023-25399?

Available Upgrade Options

  • scipy
    • <1.10.0 → Upgrade to 1.10.0


Additional Resources

What are Similar Vulnerabilities to CVE-2023-25399?

Similar Vulnerabilities: CVE-2020-13790, CVE-2021-36090, CVE-2022-26377, CVE-2023-24803, CVE-2021-23376