Stack overflow in paddle.linalg.lu_unpack
CVE-2023-52307

8.2HIGH

Key Information:

Vendor: Paddlepaddle
Status: Paddlepaddle
Vendor: CVE Published:; 3 January 2024

🔔 Create Paddlepaddle Vulnerability Alert

What is CVE-2023-52307?

The vulnerability in PaddlePaddle, specifically in the paddle.linalg.lu_unpack function, involves a stack overflow issue that can result in denial of service attacks. This flaw, present in all versions before 2.6.0, exposes systems to potential instability and interruptions in service. Organizations using affected versions are encouraged to update to the latest release to mitigate risks associated with this vulnerability. For further details and recommendations, refer to the official security advisory.

Affected Version(s)

PaddlePaddle 0 < 2.6.0

References

https://github.com/PaddlePaddle/Paddle/blob/develop/secur...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 3, 2024
Vulnerability Reserved
Jan 2, 2024

CVE-2023-52307 Data

JSON