Null pointer dereference in paddle.crop
Description
Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Null pointer dereference in PaddlePaddle's paddle.crop function can cause a runtime crash and denial of service.
Vulnerability
Overview
CVE-2023-52312 is a null pointer dereference vulnerability in the paddle.crop function within the PaddlePaddle deep learning framework, affecting versions prior to 2.6.0. The root cause is improper validation of tensor dimensions, which allows an attacker to trigger a null pointer access when the function processes invalid inputs [2][4].
Exploitation
Vector
The vulnerability can be triggered by providing specifically crafted tensor arguments to paddle.crop. The proof of concept shows that passing an empty tensor for offsets and a shape tensor containing negative or zero values (e.g., [-1, 0]) will cause a null pointer dereference [4]. No authentication is required; any user or application that can supply input to a PaddlePaddle model using this function is potentially vulnerable.
Potential
Impact
Successful exploitation leads to a runtime crash, resulting in a denial of service. The impact is limited to availability, as the flaw does not appear to enable arbitrary code execution or data corruption [2][4].
Mitigation
Status
The vulnerability has been patched in commit c074de6911944d5d30d28cc7ce2c7099f1c87bce, and the fix is included in PaddlePaddle version 2.6.0 [4]. Users are advised to upgrade to the latest version to mitigate the risk.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PaddlePaddlePyPI | < 2.6.0 | 2.6.0 |
Affected products
2- PaddlePaddle/PaddlePaddlev5Range: 0
Patches
1488a0ddc322badd args check for crop (#59967)
1 file changed · +10 −0
paddle/phi/infermeta/unary.cc+10 −0 modified@@ -664,6 +664,16 @@ void CropInferMeta(const MetaTensor& x, shape_dims.size(), x_dim.size())); + PADDLE_ENFORCE_EQ( + offsets_vec.size(), + x_dim.size(), + errors::InvalidArgument( + "The number of elements (%d) of attribute 'offsets' for " + "CropTensor must be equal to the number of " + "dimensions (%d) of the input.", + offsets_vec.size(), + x_dim.size())); + if (config.is_runtime) { out->share_lod(x); }
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-qppw-c37g-xwccghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-52312ghsaADVISORY
- github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.mdghsaWEB
- github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yamlghsaWEB
News mentions
0No linked articles in our index yet.