Source: dask
Version: 2024.12.1+dfsg-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/dask/dask/issues/12403
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2024.12.1+dfsg-2

Hi,

The following vulnerability was published for dask.

CVE-2026-10705[0]:
| A flaw has been found in dask up to 3.0. Affected by this issue is
| the function nunique_approx of the file
| dask/dataframe/hyperloglog.py of the component HLL Handler. This
| manipulation causes resource consumption. The attack is possible to
| be carried out remotely. A high degree of complexity is needed for
| the attack. The exploitation is known to be difficult. The pull
| request to fix this issue awaits acceptance.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-10705
    https://www.cve.org/CVERecord?id=CVE-2026-10705
[1] https://github.com/dask/dask/issues/12403
[2] https://github.com/dask/dask/pull/12401

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

