Code Injection Vulnerability in PaddlePaddle by Baidu
CVE-2022-46742

10 CRITICAL

Key Information:

Vendor
CVE Published: 7 December 2022

What is CVE-2022-46742?

A code injection vulnerability exists in the get_window function of paddle.audio.functional in PaddlePaddle 2.4.0-rc0. The flaw allows an attacker to execute arbitrary code within the affected application, putting the integrity and security of the system at risk. Users of PaddlePaddle need to apply the relevant patches, as outlined in the official security advisory from Baidu, to mitigate this vulnerability.

Affected Version(s)

PaddlePaddle 2.4.0-rc0

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
