scikit-learn: Denial of Service — GLSA 202301-03

A vulnerability was found in scikit-learn which could result in denial of service.

Affected packages

sci-libs/scikit-learn on all architectures
Affected versions < 1.1.1
Unaffected versions >= 1.1.1

Background

scikit-learn is a machine learning library for Python.

Description

When supplied with a crafted SVM model, predict() can trigger a null pointer dereference.
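The following is an added example, not code from the advisory or from scikit-learn, showing the guard a deployer would put in front of predict() when the model file comes from an untrusted source. It assumes the fixed version is 1.1.1 (as the advisory states) and that the model exposes the attributes a fitted sklearn.svm.SVC has (support_vectors_, n_support_, dual_coef_, intercept_); the stand-in model class and its weights are constructed here so the example runs without scikit-learn installed. The advisory does not say which malformed field crashes libsvm, so the consistency check only enforces shape invariants every properly fitted SVM satisfies. Note also that loading a model via pickle already hands the file's author code execution, so the version gate and shape check reduce crash risk but do not make untrusted model files safe.

```python
"""Guard a predict() call on an SVM model of untrusted origin.

Added example for GLSA 202301-03 (not the advisory's or scikit-learn's code).
Assumptions: fixed version is 1.1.1; the model exposes support_vectors_,
n_support_, dual_coef_ and intercept_ like a fitted sklearn.svm.SVC.
"""
import re

FIXED_VERSION = (1, 1, 1)  # first unaffected version per the advisory


def is_fixed_version(version_text):
    """True if a scikit-learn version string is >= 1.1.1.

    Pre-releases of 1.1.1 itself (1.1.1rc1, 1.1.1.dev0) count as affected;
    pre-releases of later versions count as fixed.
    """
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$", version_text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version_text!r}")
    parsed = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    prerelease = m.group(4).lstrip(".").startswith(("a", "b", "rc", "dev"))
    if parsed != FIXED_VERSION:
        return parsed > FIXED_VERSION
    return not prerelease


def svm_model_inconsistencies(model):
    """Return a list of problems in the fitted attributes; empty means the
    basic shape invariants of a fitted SVM hold (sanity gate, not a proof)."""
    problems, attrs = [], {}
    for name in ("support_vectors_", "n_support_", "dual_coef_", "intercept_"):
        attrs[name] = getattr(model, name, None)
        if attrs[name] is None:
            problems.append(f"missing attribute {name}")
    if problems:
        return problems
    n_sv = len(attrs["support_vectors_"])
    if n_sv == 0:
        problems.append("support_vectors_ is empty")
    counts = [int(c) for c in attrs["n_support_"]]
    if any(c < 0 for c in counts):
        problems.append("n_support_ contains a negative count")
    if sum(counts) != n_sv:
        problems.append(f"n_support_ sums to {sum(counts)} but there are {n_sv} support vectors")
    dual = attrs["dual_coef_"]
    if len(dual) == 0 or any(len(row) != n_sv for row in dual):
        problems.append("dual_coef_ does not have one column per support vector")
    if len(attrs["intercept_"]) == 0:
        problems.append("intercept_ is empty")
    return problems


def safe_predict(model, X, sklearn_version):
    """Call model.predict(X) only on a fixed scikit-learn and a consistent
    model; otherwise raise instead of risking a native crash of the process."""
    if not is_fixed_version(sklearn_version):
        raise RuntimeError(f"scikit-learn {sklearn_version} is affected; upgrade to >= 1.1.1")
    problems = svm_model_inconsistencies(model)
    if problems:
        raise ValueError("refusing to predict with inconsistent SVM model: " + "; ".join(problems))
    return model.predict(X)


class StandInSVM:
    """Constructed stand-in for a fitted binary sklearn.svm.SVC with a linear
    kernel, so the example runs offline (hypothetical, not sklearn's class)."""

    def __init__(self, support_vectors, n_support, dual_coef, intercept):
        self.support_vectors_ = support_vectors
        self.n_support_ = n_support
        self.dual_coef_ = dual_coef
        self.intercept_ = intercept

    def predict(self, X):
        out = []
        for x in X:  # sign(sum_i alpha_i <sv_i, x> + b)
            score = self.intercept_[0]
            for alpha, sv in zip(self.dual_coef_[0], self.support_vectors_):
                score += alpha * sum(a * b for a, b in zip(sv, x))
            out.append(1 if score > 0 else 0)
        return out


if __name__ == "__main__":
    good = StandInSVM([[1.0, 0.0], [0.0, 1.0]], [1, 1], [[1.0, -1.0]], [0.0])
    print(safe_predict(good, [[2.0, 0.0], [0.0, 2.0]], "1.1.1"))
    bad = StandInSVM([], [1, 1], [[]], [0.0])  # constructed inconsistent model
    print(svm_model_inconsistencies(bad))
```

In a real deployment the version string comes from sklearn.__version__, and the check runs before any untrusted model is deserialised at all, since the upgrade, not the shape check, is what removes the crash.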

Impact

An attacker who can supply a crafted SVM model to scikit-learn can cause a denial of service.

Workaround

There is no known workaround at this time.

Resolution

All scikit-learn users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sci-libs/scikit-learn-1.1.1"

References

Release date
January 11, 2023

Latest revision
January 11, 2023: 1

Severity
low

Exploitable
remote

Bugzilla entries