PyPI package
paddlepaddle
pkg:pypi/paddlepaddle
Vulnerabilities (32)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38677 | — | < 2.6.0 | 2.6.0 | Jan 3, 2024 | FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | ||
| CVE-2023-38676 | — | < 2.6.0 | 2.6.0 | Jan 3, 2024 | Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | ||
| CVE-2023-38675 | — | < 2.6.0 | 2.6.0 | Jan 3, 2024 | FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | ||
| CVE-2023-38674 | — | < 2.6.0 | 2.6.0 | Jan 3, 2024 | FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | ||
| CVE-2023-38673 | — | < 2.5.0 | 2.5.0 | Jul 26, 2023 | PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system. | ||
| CVE-2023-38672 | — | < 2.5.0 | 2.5.0 | Jul 26, 2023 | FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service. | ||
| CVE-2023-38671 | — | < 2.5.0 | 2.5.0 | Jul 26, 2023 | Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. | ||
| CVE-2023-38670 | — | < 2.5.0 | 2.5.0 | Jul 26, 2023 | Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service. | ||
| CVE-2023-38669 | — | < 2.5.0 | 2.5.0 | Jul 26, 2023 | Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition. | ||
| CVE-2022-46742 | — | < 2.4.0 | 2.4.0 | Dec 7, 2022 | Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. | ||
| CVE-2022-46741 | — | < 2.4 | 2.4 | Dec 7, 2022 | Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. | ||
| CVE-2022-45908 | — | < 2.4 | 2.4 | Nov 26, 2022 | In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. |
- CVE-2023-38677Jan 3, 2024affected < 2.6.0fixed 2.6.0
FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38676Jan 3, 2024affected < 2.6.0fixed 2.6.0
Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38675Jan 3, 2024affected < 2.6.0fixed 2.6.0
FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38674Jan 3, 2024affected < 2.6.0fixed 2.6.0
FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38673Jul 26, 2023affected < 2.5.0fixed 2.5.0
PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.
- CVE-2023-38672Jul 26, 2023affected < 2.5.0fixed 2.5.0
FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38671Jul 26, 2023affected < 2.5.0fixed 2.5.0
Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
- CVE-2023-38670Jul 26, 2023affected < 2.5.0fixed 2.5.0
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
- CVE-2023-38669Jul 26, 2023affected < 2.5.0fixed 2.5.0
Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
- CVE-2022-46742Dec 7, 2022affected < 2.4.0fixed 2.4.0
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.
- CVE-2022-46741Dec 7, 2022affected < 2.4fixed 2.4
Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.
- CVE-2022-45908Nov 26, 2022affected < 2.4fixed 2.4
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.
Page 2 of 2