An incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in the APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, and cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects.
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cvxopt | Cvxopt_project | * | 1.2.6 (including) |
Cvxopt | Ubuntu | bionic | * |
Cvxopt | Ubuntu | hirsute | * |
Cvxopt | Ubuntu | impish | * |
Cvxopt | Ubuntu | trusty | * |
Cvxopt | Ubuntu | upstream | * |
Cvxopt | Ubuntu | xenial | * |
This Pillar covers several possibilities: