Tong Liu

Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Framework (affected versions not specified) Description: The NVIDIA NeMo Framework contains an issue in the export and deploy component that could allow an attacker to inject code via malicious data. A successful exploit may lead to code execution, privilege escalation, information disclosure, and data tampering. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is related to out-of-bounds (OOB) access in `paddle.mode` within PaddlePaddle. This flaw can cause a runtime crash and a denial of service. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is a stack overflow in the `paddle.searchsorted` function. This flaw can lead to a denial of service or potentially more severe consequences. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `paddle.searchsorted` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is related to a flaw in the `paddle.topk` function, which can cause a runtime crash and a denial of service. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.topk` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is related to a flaw in the `paddle.lerp` function, which can cause a runtime crash and a denial of service. This flaw can lead to a denial of service. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.lerp` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is a stack overflow in `paddle.linalg.lu unpack` that can lead to a denial of service or potentially more severe consequences. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.linalg.lu unpack` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is related to a flaw in `paddle.amin` that can cause a runtime crash and a denial of service. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** A heap buffer overflow flaw exists in the `paddle.repeat interleave` function. This issue can lead to a denial of service, information disclosure, or potentially more severe damage. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.repeat interleave` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is related to a flaw in the `paddle.nanmedian` function, which can cause a runtime crash and a denial of service. This flaw can lead to a denial of service. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.nanmedian` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** This issue can cause a runtime crash and a denial of service. It is related to a flaw in the `paddle.linalg.matrix rank` function. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.linalg.matrix rank` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** This issue is related to a null pointer in paddle.dot, which can cause a runtime crash and a denial of service. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is related to a flaw in the paddle.linalg.eig function in PaddlePaddle, which can cause a runtime crash and a denial of service. This flaw can lead to a blockage of the runtime and a denial of service. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.linalg.eig` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is related to a nullptr in `paddle.nextafter` in PaddlePaddle, which can cause a runtime crash and a denial of service. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.nextafter` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is related to a nullptr in `paddle.put along axis` in PaddlePaddle, which can cause a runtime crash and a denial of service. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `paddle.put along axis` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.5.0 **Description** The issue is related to a use after free condition in the `paddle.diagonal` function. This resulted in a potentially exploitable condition. **Recommendations** For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.5.0 **Description** The issue is a null pointer dereference in the `paddle.flip` function, which results in a runtime crash and denial of service. **Recommendations** For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.flip` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.5.0 **Description** The issue is related to a heap buffer overflow in paddle.trace, which can lead to a denial of service, information disclosure, or potentially more severe damage. **Recommendations** For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the paddle.trace component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.5.0 **Description** The issue is related to a flaw that can cause a runtime crash and a denial of service. It is associated with FPE in paddle.trace and paddle.linalg.matrix power in PaddlePaddle. **Recommendations** For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.trace` and `paddle.linalg.matrix power` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle version 2.4.0-rc0 **Description** The issue allows for code injection in the `paddle.audio.functional.get window` function, enabling arbitrary code execution. **Recommendations** For PaddlePaddle version 2.4.0-rc0, consider applying the patch available on the `develop` branch of the repository, which is anticipated to be part of a 2.4 release. As a temporary workaround, consider restricting the use of the `paddle.audio.functional.get window` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier **Description** The issue results in a segmentation fault when `tf.raw ops.TensorListConcat` is given `element shape=[]`, which can be used to trigger a denial of service attack. This can be achieved by providing an empty `element shape` to the `tf.raw ops.TensorListConcat` function, as shown in the example code. The estimated number of potentially affected devices is not specified. **Recommendations** For versions prior to 2.11, update to TensorFlow 2.11 or later. For versions 2.10.1 and earlier, update to TensorFlow 2.10.1 or later, or apply the patch from GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. For versions 2.9.3 and earlier, update to TensorFlow 2.9.3 or later, or apply the patch from GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. For versions 2.8.4 and earlier, update to TensorFlow 2.8.4 or later, or apply the patch from GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. As a temporary workaround, consider avoiding the use of `tf.raw ops.TensorListConcat` with an empty `element shape` until the issue is resolved.