GSA_kwCzR0hTQS1tcjc4LXY1NXAtNzc3N84AA4K5

Moderate EPSS: 0.00096% (0.2817 Percentile) EPSS:

Permalink JSON

PaddlePaddle segfault in paddle.mode

Affected Packages	Affected Versions	Fixed Versions
pypi:PaddlePaddle	< 2.6.0	2.6.0
58 Dependent packages 2,208 Dependent repositories 545,565 Downloads last month Affected Version Ranges All affected versions 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.7.0, 1.7.1, 1.7.2, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2 All unaffected versions 2.6.0, 2.6.1, 2.6.2, 3.0.0, 3.1.0

OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

References:

Identifiers

GHSA-mr78-v55p-7777

CVE-2023-38678

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00096

EPSS Percentile: 0.2817

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/PaddlePaddle/Paddle

Date and time

Published

over 1 year ago

Updated

8 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories