GSA_kwCzR0hTQS04d2ZoLXF4eHYtM3E4Y84AA05O

High EPSS: 0.0029% (0.5186 Percentile) EPSS:

Permalink JSON

Use after free in PaddlePaddle

Affected Packages	Affected Versions	Fixed Versions
pypi:paddlepaddle	>= 0, < 2.5.0	2.5.0
58 Dependent packages 2,208 Dependent repositories 545,565 Downloads last month Affected Version Ranges All affected versions 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.7.0, 1.7.1, 1.7.2, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.4.2 All unaffected versions 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 3.0.0, 3.1.0

Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.

References:

Identifiers

GHSA-8wfh-qxxv-3q8c

CVE-2023-38669

Risk

Severity

High

EPSS

EPSS Percentage: 0.0029

EPSS Percentile: 0.5186

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/PaddlePaddle/Paddle

Date and time

Published

about 2 years ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories