PT-2023-26545 · Unknown · Paddlepaddle

Tong Liu

·

Publicado

2023-07-26

·

Atualizado

2023-07-31

·

CVE-2023-38672

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions PaddlePaddle versions prior to 2.5.0
Description The issue is related to a flaw that can cause a runtime crash and a denial of service. It is associated with FPE in paddle.trace and paddle.linalg.matrix power in PaddlePaddle.
Recommendations For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider disabling the paddle.trace and paddle.linalg.matrix power functions until a patch is available.

Exploit

Correção

Divide By Zero

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-369

Identificadores relacionados

CVE-2023-38672
GHSA-CV2J-922J-HR56
PYSEC-2023-125

Produtos afetados

Paddlepaddle