Use After Free Vulnerability in PaddlePaddle by Paddle
CVE-2023-38669

8.3HIGH

Key Information:

Vendor: Paddlepaddle
Status: Paddlepaddle
Vendor: CVE Published:; 26 July 2023

🔔 Create Paddlepaddle Vulnerability Alert

What is CVE-2023-38669?

A Use After Free vulnerability exists in the PaddlePaddle library within the 'paddle.diagonal' function, affecting versions prior to 2.5.0. This flaw can potentially allow an attacker to exploit the application by manipulating memory references, leading to unpredictable behavior or application crashes.

Affected Version(s)

PaddlePaddle 0 < 2.5.0

References

https://github.com/PaddlePaddle/Paddle/blob/develop/secur...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2023
Vulnerability Reserved
Jul 24, 2023

CVE-2023-38669 Data

JSON