CVE-2023-29824

9.8 CRITICAL

📋 TL;DR

CVE-2023-29824 is a use-after-free vulnerability in the Py_FindObjects() function in SciPy versions before 1.8.0. This could potentially allow attackers to execute arbitrary code or cause denial of service by exploiting memory corruption. However, both the vendor and discoverer indicate this is not a security issue in practice.

💻 Affected Systems

Products:
  • SciPy
Versions: Versions prior to 1.8.0
Operating Systems: All platforms running Python with SciPy
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects SciPy installations using the vulnerable function; many applications may not use Py_FindObjects() directly.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise if an attacker can trigger the vulnerability.

🟠

Likely Case

Denial of service through application crashes; actual exploitation for code execution is unlikely given vendor assessment.

🟢

If Mitigated

Minimal impact if proper input validation and memory protections are in place.

🌐 Internet-Facing: LOW
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

No known exploits; exploitation would require specific conditions to trigger the use-after-free.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.0 and later

Vendor Advisory: https://github.com/scipy/scipy/issues/14713

Restart Required: No

Instructions:

1. Upgrade SciPy to version 1.8.0 or later using pip: pip install --upgrade "scipy>=1.8.0" (the quotes stop the shell from treating > as an output redirection).
2. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Avoid using Py_FindObjects() (all platforms): modify code to avoid calling the vulnerable Py_FindObjects() function if possible.

🧯 If You Can't Patch

  • Implement strict input validation for any code that might trigger Py_FindObjects()
  • Use memory protection mechanisms like ASLR and DEP to reduce exploitability

🔍 How to Verify

Check if Vulnerable:

Check SciPy version: python -c "import scipy; print(scipy.__version__)"

Check Version:

python -c "import scipy; print(scipy.__version__)"

Verify Fix Applied:

Verify version is 1.8.0 or higher, comparing as a version rather than as a string (a string comparison would rank 1.10.x below 1.8.0): python -c "import re, scipy; v = tuple(int(x) for x in re.findall(r'\d+', scipy.__version__)[:3]); print('Fixed' if v >= (1, 8, 0) else 'Vulnerable')"
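The version check above is easy to get wrong: comparing version strings lexicographically reports SciPy 1.10.x as older than 1.8.0. The following is an added example (not code from the advisory or from the SciPy project) that parses the release number into a tuple before comparing it against the 1.8.0 fix version; the function names and the treatment of pre-release suffixes (ignored, so 1.8.0rc1 counts as 1.8.0) are assumptions made for this example.

```python
import re

# SciPy release that addressed CVE-2023-29824 (from the advisory above).
FIXED_VERSION = (1, 8, 0)


def parse_version(version):
    """Return the leading numeric release tuple of a version string.

    '1.10.1' -> (1, 10, 1); '1.7' -> (1, 7, 0); '1.8.0rc1' -> (1, 8, 0).
    Pre-release and local suffixes are ignored (assumption for this example).
    """
    parts = [int(n) for n in re.findall(r"\d+", version)[:3]]
    while len(parts) < 3:
        parts.append(0)  # pad '1.7' to (1, 7, 0)
    return tuple(parts)


def is_vulnerable(version):
    """True when the given SciPy release predates the 1.8.0 fix."""
    return parse_version(version) < FIXED_VERSION


def string_comparison_is_wrong(version):
    """Show the pitfall: naive string comparison against '1.8.0'.

    Returns True when the string comparison and the tuple comparison
    disagree for this version, e.g. '1.10.1' < '1.8.0' is True as strings.
    """
    naive_vulnerable = version < "1.8.0"
    return naive_vulnerable != is_vulnerable(version)


def check_installed_scipy():
    """Inspect the SciPy installed in this interpreter, if any.

    Returns None when SciPy is not importable, otherwise a (version, vulnerable) pair.
    """
    try:
        import scipy
    except ImportError:
        return None
    return scipy.__version__, is_vulnerable(scipy.__version__)


if __name__ == "__main__":
    result = check_installed_scipy()
    if result is None:
        print("SciPy is not installed in this interpreter")
    else:
        version, vulnerable = result
        print(f"SciPy {version}: {'Vulnerable' if vulnerable else 'Fixed'}")
```

Run it under the interpreter that your application actually uses; a fixed system Python says nothing about a virtual environment that pins an older SciPy.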

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Python segmentation faults

SIEM Query:

Search for process termination events from Python/scipy with exit codes indicating memory corruption (e.g., SIGSEGV, SIGABRT).
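As an added example of the log indicators and SIEM logic described above (this is not part of the advisory), the function below scans syslog-style lines for the two signals most often associated with memory corruption: kernel segfault records for Python processes and systemd unit terminations by SIGSEGV or SIGABRT. The log lines are constructed samples; the log formats are the standard Linux kernel and systemd messages, and the function names are assumptions made for this example.

```python
import re

# Constructed sample log lines (syslog style), not real telemetry.
SAMPLE_LOG = """\
Mar 14 10:02:11 host1 kernel: python3[2231]: segfault at 0 ip 00007f3c2a1b4e20 sp 00007ffd1c3e5a10 error 4 in libc.so.6[7f3c2a180000+1c6000]
Mar 14 10:03:40 host1 systemd[1]: imgproc.service: Main process exited, code=killed, status=11/SEGV
Mar 14 10:04:01 host1 systemd[1]: imgproc.service: Main process exited, code=killed, status=6/ABRT
Mar 14 10:05:00 host1 sshd[300]: Accepted publickey for alice from 10.0.0.5 port 50211
Mar 14 10:06:12 host1 systemd[1]: web.service: Main process exited, code=exited, status=1/FAILURE
Mar 14 10:07:30 host1 kernel: chrome[4412]: segfault at 10 ip 000055d0c1a2b3c4 sp 00007ffc9a1b2c30 error 6 in chrome[55d0c0000000+3000000]
"""

# Kernel segfault record: "<proc>[<pid>]: segfault at ..."
KERNEL_SEGFAULT = re.compile(
    r"kernel: (?P<proc>\S+?)\[(?P<pid>\d+)\]: segfault at"
)
# systemd unit killed by a signal: "status=<num>/<name>"
SYSTEMD_KILLED = re.compile(
    r"(?P<unit>\S+\.service): Main process exited, code=killed, "
    r"status=(?P<signum>\d+)/(?P<signame>SEGV|ABRT)"
)


def find_memory_corruption_events(log_text, python_only=True):
    """Return a list of events indicating a process died of SIGSEGV/SIGABRT.

    Kernel segfault lines are attributed to a process name, so they can be
    filtered to Python interpreters. systemd lines only name the unit; map
    units to Python services in your own inventory before alerting on them.
    """
    events = []
    for line in log_text.splitlines():
        m = KERNEL_SEGFAULT.search(line)
        if m:
            proc = m.group("proc")
            if python_only and "python" not in proc.lower():
                continue  # segfault in an unrelated native process
            events.append({"source": "kernel", "process": proc,
                           "pid": int(m.group("pid")), "signal": "SEGV"})
            continue
        m = SYSTEMD_KILLED.search(line)
        if m:
            events.append({"source": "systemd", "process": m.group("unit"),
                           "pid": None, "signal": m.group("signame")})
    return events


def summarize_by_process(events):
    """Count crash events per process or unit, for a quick triage view."""
    counts = {}
    for e in events:
        counts[e["process"]] = counts.get(e["process"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_memory_corruption_events(SAMPLE_LOG)
    for e in found:
        print(f"{e['source']:8} {e['process']:18} {e['signal']}")
    print(summarize_by_process(found))
```

A burst of SIGSEGV/SIGABRT terminations from one Python service is a crash signal, not proof of exploitation; correlate it with the SciPy version reported by the verification step before treating it as an indicator of this CVE.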

🔗 References
