FPE in paddle.linalg.eig
CVE-2023-38677

4.7MEDIUM

Key Information:

Vendor: Paddlepaddle
Status: Paddlepaddle
Vendor: CVE Published:; 3 January 2024

🔔 Create Paddlepaddle Vulnerability Alert

What is CVE-2023-38677?

A flaw exists in the linear algebra functionality of PaddlePaddle, specifically within the paddle.linalg.eig function, affecting versions before 2.6.0. This vulnerability can trigger a runtime crash, potentially leading to service disruptions. Developers utilizing PaddlePaddle for machine learning tasks should take caution, as this flaw may compromise application stability and overall performance.

Affected Version(s)

PaddlePaddle 0 < 2.6.0

References

https://github.com/PaddlePaddle/Paddle/blob/develop/secur...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 3, 2024
Vulnerability Reserved
Jul 24, 2023

CVE-2023-38677 Data

JSON