Null pointer dereference in paddle.flip
Description
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Null pointer dereference in PaddlePaddle's paddle.flip function before version 2.5.0 allows attackers to cause a denial of service via crafted input.
Vulnerability Overview
CVE-2023-38670 is a null pointer dereference vulnerability in the paddle.flip function of PaddlePaddle, an open-source deep learning framework. The flaw exists in versions prior to 2.5.0 and results in a runtime crash when processing specially crafted input, leading to a denial of service (DoS) condition [1][2].
Exploitation Details
An attacker can trigger the vulnerability by providing malicious input to the paddle.flip operation. No authentication is required if the framework is exposed to user-supplied data, such as in a model serving environment. The null pointer dereference occurs during tensor manipulation, causing the application to terminate unexpectedly [2][4].
Impact
Successful exploitation causes a denial of service by crashing the PaddlePaddle process. This can disrupt services that rely on the framework, such as inference endpoints or training pipelines. The vulnerability does not lead to remote code execution or data exfiltration [2].
Mitigation
The issue is fixed in PaddlePaddle version 2.5.0. Users should upgrade to the latest release. The official advisory (PDSA-2023-002) provides further details, and the fix commit adds a check for tensor numel in the relevant function [2][4]. No workarounds are documented.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| paddlepaddle (PyPI) | < 2.5.0 | 2.5.0 |
Affected products
- PaddlePaddle/PaddlePaddle v5 Range: 0
Patches
ed96baeed19b: check tensor numel in PyObject_CheckLongOrToLong
1 file changed · +3 −1
paddle/fluid/pybind/op_function_common.cc+3 −1 modified@@ -30,6 +30,7 @@ #include "paddle/fluid/imperative/tracer.h" #include "paddle/fluid/imperative/type_defs.h" #include "paddle/fluid/operators/ops_extra_info.h" +#include "paddle/fluid/pybind/eager.h" #include "paddle/fluid/pybind/imperative.h" #include "paddle/phi/common/complex.h" @@ -70,7 +71,8 @@ bool PyObject_CheckLongOrToLong(PyObject** obj) { if ((PyLong_Check(*obj) && !PyBool_Check(*obj)) || PyObject_IsInstance(*obj, (PyObject*)g_vartype_pytype) || // NOLINT PyObject_IsInstance(*obj, (PyObject*)g_varbase_pytype) || // NOLINT - PyObject_IsInstance(*obj, (PyObject*)p_tensor_type)) { // NOLINT + (PyObject_IsInstance(*obj, (PyObject*)p_tensor_type) && // NOLINT + (((TensorObject*)(*obj))->tensor.numel() == 1))) { // NOLINT return true; }
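Review bot: In the second hunk, the new condition treats the return value of PyObject_IsInstance(*obj, (PyObject*)p_tensor_type) as a boolean, but that call returns -1 on error, which is truthy, so the cast to TensorObject* and the numel() call can run on an object that was never confirmed to be a tensor. Compare explicitly, e.g. `PyObject_IsInstance(*obj, (PyObject*)p_tensor_type) == 1 &&`, and consider the same for the two unchanged IsInstance branches above it, which still return true on -1. A short comment saying why only a single-element tensor is accepted as an integer would help the next reader, and since the commit touches one file (+3 −1) it carries no regression test for the rejected case; one should be added alongside it.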
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-rr46-m366-gm44 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-38670 (ghsa, ADVISORY)
- github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-002.md (ghsa, WEB)
- github.com/PaddlePaddle/Paddle/commit/ed96baeed19b4e11b6cbc2dcc6776245ba5fab13 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2023-123.yaml (ghsa, WEB)