Lucene search

K
cveBaiduCVE-2023-38670
HistoryJul 26, 2023 - 11:15 a.m.

CVE-2023-38670

2023-07-2611:15:09
CWE-476
Baidu
web.nvd.nist.gov
123
cve-2023-38670
null pointer dereference
paddle.flip
paddlepaddle
denial of service
nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.5%

Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.

Affected configurations

Nvd
Node
paddlepaddlepaddlepaddleRange<2.5.0
VendorProductVersionCPE
paddlepaddlepaddlepaddle*cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PaddlePaddle",
    "vendor": "PaddlePaddle",
    "versions": [
      {
        "lessThan": "2.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "git"
      }
    ]
  }
]

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.5%

Related for CVE-2023-38670