Lucene search

GitHub Advisory DatabaseGHSA-8WFH-QXXV-3Q8C

HistoryJul 26, 2023 - 12:30 p.m.

Use after free in PaddlePaddle

2023-07-2612:30:28

CWE-416

GitHub Advisory Database

github.com

paddlepaddle

use after free

exploitable

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.0%

JSON

Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.

Affected configurations

Vulners

Node

paddlepaddlepaddlepaddleRange0–2.5.0

VendorProductVersionCPE
paddlepaddlepaddlepaddle*cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
paddlepaddle	paddlepaddle	*	cpe:2.3:a:paddlepaddle:paddlepaddle::::::::

References

github.com/advisories/GHSA-8wfh-qxxv-3q8c

github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-001.md

github.com/PaddlePaddle/Paddle/commit/43981874f5e1683b855eab871092fa9be58d6a44

github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2023-122.yaml

nvd.nist.gov/vuln/detail/CVE-2023-38669

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.0%

JSON

Related for GHSA-8WFH-QXXV-3Q8C