Lucene search

GitHub Advisory DatabaseGHSA-2HVC-HWG3-HPVW

HistoryDec 07, 2022 - 9:30 a.m.

PaddlePaddle Out-of-bounds Read vulnerability

2022-12-0709:30:23

CWE-125

GitHub Advisory Database

github.com

paddlepaddle

out-of-bounds read

gather_tree

vulnerability

patch

release 2.4

software

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.002

Percentile

61.1%

JSON

Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. A patch is available in the release/2.4 branch.

Affected configurations

Vulners

Node

paddlepaddlepaddlepaddleRange<2.4

VendorProductVersionCPE
paddlepaddlepaddlepaddle*cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
paddlepaddle	paddlepaddle	*	cpe:2.3:a:paddlepaddle:paddlepaddle::::::::

References

github.com/advisories/GHSA-2hvc-hwg3-hpvw

github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-001.md

github.com/PaddlePaddle/Paddle/commit/6712e262fc6734873cc6d5ca4f45973339a88697

github.com/PaddlePaddle/Paddle/commit/ee6e6d511f9f33fc862c11722701fb5abb99ed94

github.com/PaddlePaddle/Paddle/pull/47051

nvd.nist.gov/vuln/detail/CVE-2022-46741

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.002

Percentile

61.1%

JSON

Related for GHSA-2HVC-HWG3-HPVW