Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    25 vulnerabilities

    CVE-2023-52314 (GCVE-0-2023-52314)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:15 – Updated: 2024-11-14 18:25
    VLAI
    Title
    Command injection in convert_shape_compare
    Summary
    PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52314",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-14T18:25:03.785448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-14T18:25:24.577Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003ePaddlePaddle before 2.6.0 has a command injection in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econvert_shape_compare\u003c/span\u003e\u003c/span\u003e. This resulted in the ability to execute arbitrary commands on the operating system.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:15:52.057Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection in convert_shape_compare",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52314",
        "datePublished": "2024-01-03T08:15:52.057Z",
        "dateReserved": "2024-01-02T05:32:46.255Z",
        "dateUpdated": "2024-11-14T18:25:24.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52313 (GCVE-0-2023-52313)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:15 – Updated: 2025-06-17 20:29
    VLAI
    Title
    FPE in paddle.argmin and paddle.argmax
    Summary
    FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52313",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-09T16:29:55.810339Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:29:08.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eFPE in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epaddle.argmin and paddle.argmax\u003c/span\u003e\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "FPE in paddle.argmin and paddle.argmax\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Divide By Zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:15:20.819Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FPE in paddle.argmin and paddle.argmax",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52313",
        "datePublished": "2024-01-03T08:15:20.819Z",
        "dateReserved": "2024-01-02T05:32:46.254Z",
        "dateUpdated": "2025-06-17T20:29:08.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52312 (GCVE-0-2023-52312)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:15 – Updated: 2025-06-03 14:43
    VLAI
    Title
    Null pointer dereference in paddle.crop
    Summary
    Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52312",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T19:10:35.644503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T14:43:44.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eNullptr dereference in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epaddle.crop\u003c/span\u003e\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Nullptr dereference in paddle.crop\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:15:13.401Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Null pointer dereference in paddle.crop",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52312",
        "datePublished": "2024-01-03T08:15:13.401Z",
        "dateReserved": "2024-01-02T05:32:46.254Z",
        "dateUpdated": "2025-06-03T14:43:44.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52311 (GCVE-0-2023-52311)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:15 – Updated: 2025-06-17 20:29
    VLAI
    Title
    Command injection in _wget_download
    Summary
    PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52311",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-03T14:37:22.097922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:29:07.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003ePaddlePaddle before 2.6.0 has a command injection in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e_wget_download\u003c/span\u003e. This resulted in the ability to execute arbitrary commands on the operating system.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:15:04.927Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection in _wget_download",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52311",
        "datePublished": "2024-01-03T08:15:04.927Z",
        "dateReserved": "2024-01-02T05:32:46.254Z",
        "dateUpdated": "2025-06-17T20:29:07.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52310 (GCVE-0-2023-52310)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:14 – Updated: 2025-04-17 18:25
    VLAI
    Title
    Command injection in get_online_pass_interval
    Summary
    PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52310",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-09T15:28:43.930940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T18:25:07.284Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003ePaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:14:55.842Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection in get_online_pass_interval",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52310",
        "datePublished": "2024-01-03T08:14:55.842Z",
        "dateReserved": "2024-01-02T05:32:46.254Z",
        "dateUpdated": "2025-04-17T18:25:07.284Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52309 (GCVE-0-2023-52309)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:14 – Updated: 2024-09-06 17:24
    VLAI
    Title
    Heap buffer overflow in paddle.repeat_interleave
    Summary
    Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-06T17:24:03.078860Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T17:24:27.392Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eHeap buffer overflow in paddle.repeat_interleave\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Heap buffer overflow in paddle.repeat_interleave\u00a0in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:14:27.142Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Heap buffer overflow in paddle.repeat_interleave",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52309",
        "datePublished": "2024-01-03T08:14:27.142Z",
        "dateReserved": "2024-01-02T05:32:46.254Z",
        "dateUpdated": "2024-09-06T17:24:27.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52308 (GCVE-0-2023-52308)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:14 – Updated: 2025-05-09 19:36
    VLAI
    Title
    FPE in paddle.amin
    Summary
    FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.666Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52308",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-09T19:35:35.676266Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-09T19:36:12.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eFPE in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epaddle.amin\u003c/span\u003e\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "FPE in paddle.amin\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Divide By Zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:14:13.460Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FPE in paddle.amin",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52308",
        "datePublished": "2024-01-03T08:14:13.460Z",
        "dateReserved": "2024-01-02T05:32:46.254Z",
        "dateUpdated": "2025-05-09T19:36:12.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52307 (GCVE-0-2023-52307)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:14 – Updated: 2025-06-16 18:14
    VLAI
    Title
    Stack overflow in paddle.linalg.lu_unpack
    Summary
    Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.577Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52307",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-23T20:31:05.302801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T18:14:18.776Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eStack overflow in paddle.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003elinalg.lu_unpack\u003c/span\u003e\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Stack overflow in paddle.linalg.lu_unpack\u00a0in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:14:03.111Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack overflow in paddle.linalg.lu_unpack",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52307",
        "datePublished": "2024-01-03T08:14:03.111Z",
        "dateReserved": "2024-01-02T05:32:46.253Z",
        "dateUpdated": "2025-06-16T18:14:18.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52306 (GCVE-0-2023-52306)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:13 – Updated: 2025-06-03 14:43
    VLAI
    Title
    FPE in paddle.lerp
    Summary
    FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:40.864Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52306",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:57:31.680622Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T14:43:50.464Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eFPE in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epaddle.lerp\u003c/span\u003e\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "FPE in paddle.lerp\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Divide By Zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:13:52.600Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FPE in paddle.lerp",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52306",
        "datePublished": "2024-01-03T08:13:52.600Z",
        "dateReserved": "2024-01-02T05:32:46.253Z",
        "dateUpdated": "2025-06-03T14:43:50.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52305 (GCVE-0-2023-52305)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:13 – Updated: 2025-06-03 14:43
    VLAI
    Title
    FPE in paddle.topk
    Summary
    FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52305",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:57:34.571621Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T14:43:55.071Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eFPE in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epaddle.topk\u003c/span\u003e\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "FPE in paddle.topk\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Divide By Zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:13:26.696Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FPE in paddle.topk",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52305",
        "datePublished": "2024-01-03T08:13:26.696Z",
        "dateReserved": "2024-01-02T05:32:46.253Z",
        "dateUpdated": "2025-06-03T14:43:55.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52304 (GCVE-0-2023-52304)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:13 – Updated: 2025-06-17 20:29
    VLAI
    Title
    Stack overflow in paddle.searchsorted
    Summary
    Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.506Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52304",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-24T19:25:19.716756Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:29:07.794Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eStack overflow in paddle.searchsorted\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Stack overflow in paddle.searchsorted\u00a0in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:13:13.759Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack overflow in paddle.searchsorted",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52304",
        "datePublished": "2024-01-03T08:13:13.759Z",
        "dateReserved": "2024-01-02T05:32:46.253Z",
        "dateUpdated": "2025-06-17T20:29:07.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52303 (GCVE-0-2023-52303)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:12 – Updated: 2025-06-17 20:29
    VLAI
    Title
    Segfault in paddle.put_along_axis
    Summary
    Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52303",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-03T14:35:27.827398Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:29:07.664Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eNullptr in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epaddle.put_along_axis\u003c/span\u003e\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Nullptr in paddle.put_along_axis\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:12:59.795Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Segfault in paddle.put_along_axis",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52303",
        "datePublished": "2024-01-03T08:12:59.795Z",
        "dateReserved": "2024-01-02T05:32:46.253Z",
        "dateUpdated": "2025-06-17T20:29:07.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52302 (GCVE-0-2023-52302)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:12 – Updated: 2024-11-14 18:37
    VLAI
    Title
    Segfault in paddle.nextafter
    Summary
    Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.452Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52302",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-11T20:19:04.426704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-14T18:37:34.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eNullptr in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epaddle.nextafter\u003c/span\u003e\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Nullptr in paddle.nextafter\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:12:45.328Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Segfault in paddle.nextafter",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-52302",
        "datePublished": "2024-01-03T08:12:45.328Z",
        "dateReserved": "2024-01-02T05:32:46.253Z",
        "dateUpdated": "2024-11-14T18:37:34.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38678 (GCVE-0-2023-38678)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:11 – Updated: 2025-06-03 14:44
    VLAI
    Title
    Segfault in paddle.mode
    Summary
    OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38678",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T19:10:38.836008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T14:44:00.892Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eOOB access in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epaddle.mode\u003c/span\u003e\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "OOB access in paddle.mode\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:11:55.859Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Segfault in paddle.mode",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-38678",
        "datePublished": "2024-01-03T08:11:55.859Z",
        "dateReserved": "2023-07-24T07:55:02.092Z",
        "dateUpdated": "2025-06-03T14:44:00.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38677 (GCVE-0-2023-38677)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:11 – Updated: 2025-04-17 18:25
    VLAI
    Title
    FPE in paddle.linalg.eig
    Summary
    FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.658Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38677",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-09T15:26:28.972117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T18:25:35.668Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eFPE in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epaddle.linalg.eig\u003c/span\u003e in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Divide By Zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:11:39.268Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FPE in paddle.linalg.eig",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-38677",
        "datePublished": "2024-01-03T08:11:39.268Z",
        "dateReserved": "2023-07-24T07:55:02.091Z",
        "dateUpdated": "2025-04-17T18:25:35.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38676 (GCVE-0-2023-38676)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:11 – Updated: 2024-09-06 17:26
    VLAI
    Title
    Segfault in paddle.dot
    Summary
    Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38676",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-04T20:43:17.627936Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T17:26:13.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eNullptr in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epaddle.dot\u003c/span\u003e\u0026nbsp;in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Nullptr in paddle.dot\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:11:05.336Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Segfault in paddle.dot",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-38676",
        "datePublished": "2024-01-03T08:11:05.336Z",
        "dateReserved": "2023-07-24T07:55:02.091Z",
        "dateUpdated": "2024-09-06T17:26:13.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38675 (GCVE-0-2023-38675)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:10 – Updated: 2025-05-21 14:58
    VLAI
    Title
    FPE in paddle.linalg.matrix_rank
    Summary
    FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.798Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38675",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-21T14:58:43.251743Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-21T14:58:58.810Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eFPE in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epaddle.linalg.matrix_rank\u003c/span\u003e in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Divide By Zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:10:48.838Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FPE in paddle.linalg.matrix_rank",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-38675",
        "datePublished": "2024-01-03T08:10:48.838Z",
        "dateReserved": "2023-07-24T07:55:02.091Z",
        "dateUpdated": "2025-05-21T14:58:58.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38674 (GCVE-0-2023-38674)

    Vulnerability from cvelistv5 – Published: 2024-01-03 08:10 – Updated: 2025-06-06 20:05
    VLAI
    Title
    FPE in paddle.nanmedian
    Summary
    FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.6.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38674",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-23T20:28:01.294946Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-06T20:05:09.016Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eFPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Divide By Zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T08:10:10.276Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FPE in paddle.nanmedian",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-38674",
        "datePublished": "2024-01-03T08:10:10.276Z",
        "dateReserved": "2023-07-24T07:55:02.091Z",
        "dateUpdated": "2025-06-06T20:05:09.016Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38673 (GCVE-0-2023-38673)

    Vulnerability from cvelistv5 – Published: 2023-07-26 11:10 – Updated: 2024-10-23 15:40
    VLAI
    Title
    Command injection in fs.py
    Summary
    PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.5.0 (git)
    Create a notification for this product.
    Date Public
    2023-07-26 11:08
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-005.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38673",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T15:40:42.591262Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T15:40:52.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "datePublic": "2023-07-26T11:08:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "PaddlePaddle before 2.5.0 has a command injection in fs.py. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis resulted in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe ability to execute arbitrary commands on the operating system.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in\u00a0the ability to execute arbitrary commands on the operating system.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\"OS Command Injection\")",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-26T11:10:34.410Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-005.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection in fs.py",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-38673",
        "datePublished": "2023-07-26T11:10:34.410Z",
        "dateReserved": "2023-07-24T07:55:02.091Z",
        "dateUpdated": "2024-10-23T15:40:52.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38672 (GCVE-0-2023-38672)

    Vulnerability from cvelistv5 – Published: 2023-07-26 11:04 – Updated: 2024-10-23 14:17
    VLAI
    Title
    FPE in paddle.linalg.matrix_power
    Summary
    FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.5.0 (git)
    Create a notification for this product.
    Date Public
    2023-07-26 11:03
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-004.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38672",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:16:41.961888Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:17:02.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "datePublic": "2023-07-26T11:03:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "FPE in paddle.trace in PaddlePaddle before 2.5.0. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis flaw can cause a runtime crash and a denial of service.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Divide By Zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-26T11:04:13.221Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-004.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FPE in paddle.linalg.matrix_power",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-38672",
        "datePublished": "2023-07-26T11:04:13.221Z",
        "dateReserved": "2023-07-24T07:55:02.091Z",
        "dateUpdated": "2024-10-23T14:17:02.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38671 (GCVE-0-2023-38671)

    Vulnerability from cvelistv5 – Published: 2023-07-26 10:59 – Updated: 2024-10-23 14:18
    VLAI
    Title
    Heap buffer overflow in paddle.trace
    Summary
    Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ("Classic Buffer Overflow")
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.5.0 (git)
    Create a notification for this product.
    Date Public
    2023-07-26 10:51
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-003.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38671",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:18:17.578907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:18:50.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "datePublic": "2023-07-26T10:51:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis flaw can lead to a denial of service, information disclosure, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eor more damage is possible\u003c/span\u003e.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\"Classic Buffer Overflow\")",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-26T10:59:48.778Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-003.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Heap buffer overflow in paddle.trace",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-38671",
        "datePublished": "2023-07-26T10:59:48.778Z",
        "dateReserved": "2023-07-24T07:55:02.091Z",
        "dateUpdated": "2024-10-23T14:18:50.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38670 (GCVE-0-2023-38670)

    Vulnerability from cvelistv5 – Published: 2023-07-26 10:50 – Updated: 2024-10-23 14:26
    VLAI
    Title
    Null pointer dereference in paddle.flip
    Summary
    Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.5.0 (git)
    Create a notification for this product.
    Date Public
    2023-07-26 10:48
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-002.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38670",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:25:33.629346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:26:06.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "datePublic": "2023-07-26T10:48:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis resulted in a runtime crash and denial of service.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-26T10:50:12.245Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-002.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Null pointer dereference in paddle.flip",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-38670",
        "datePublished": "2023-07-26T10:50:12.245Z",
        "dateReserved": "2023-07-24T07:55:02.090Z",
        "dateUpdated": "2024-10-23T14:26:06.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38669 (GCVE-0-2023-38669)

    Vulnerability from cvelistv5 – Published: 2023-07-26 09:29 – Updated: 2024-10-22 20:31
    VLAI
    Summary
    Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.5.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.632Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-001.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38669",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T20:30:13.595114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-22T20:31:35.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis resulted in a potentially exploitable condition.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-26T09:29:39.869Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-001.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2023-38669",
        "datePublished": "2023-07-26T09:29:39.869Z",
        "dateReserved": "2023-07-24T07:55:02.090Z",
        "dateUpdated": "2024-10-22T20:31:35.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46742 (GCVE-0-2022-46742)

    Vulnerability from cvelistv5 – Published: 2022-12-07 08:16 – Updated: 2025-04-22 21:00
    VLAI
    Summary
    Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 2.4.0-rc0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:39:38.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46742",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T21:00:42.300153Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T21:00:54.778Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.4.0-rc0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.\u003cbr\u003e"
                }
              ],
              "value": "Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-07T08:16:09.365Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2022-46742",
        "datePublished": "2022-12-07T08:16:09.365Z",
        "dateReserved": "2022-12-07T05:44:14.697Z",
        "dateUpdated": "2025-04-22T21:00:54.778Z",
        "requesterUserId": "352dd6e5-6d25-4bee-bbe8-f4cffd946a4f",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46741 (GCVE-0-2022-46741)

    Vulnerability from cvelistv5 – Published: 2022-12-07 07:41 – Updated: 2025-04-22 20:59
    VLAI
    Summary
    Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. 
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PaddlePaddle PaddlePaddle Affected: 0 , < 2.4 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:39:38.556Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-001.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46741",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T20:58:39.112533Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T20:59:04.875Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PaddlePaddle",
              "vendor": "PaddlePaddle",
              "versions": [
                {
                  "lessThan": "2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.\u0026nbsp;"
                }
              ],
              "value": "Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.\u00a0"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-47",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-47 Buffer Overflow via Parameter Expansion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-07T07:41:04.470Z",
            "orgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
            "shortName": "Baidu"
          },
          "references": [
            {
              "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-001.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7b443bca-21a2-4df8-b477-ec36491d9932",
        "assignerShortName": "Baidu",
        "cveId": "CVE-2022-46741",
        "datePublished": "2022-12-07T07:41:04.470Z",
        "dateReserved": "2022-12-07T05:44:14.697Z",
        "dateUpdated": "2025-04-22T20:59:04.875Z",
        "requesterUserId": "352dd6e5-6d25-4bee-bbe8-f4cffd946a4f",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }