Skip to main content

Paddlepaddle CVE-2023-38678

MEDIUM
Out-of-bounds Read (CWE-125)
2024-01-03 paddle-security@baidu.com
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:33 vuln.today
Patch released
Mar 28, 2026 - 19:33 nvd
Patch available
CVE Published
Jan 03, 2024 - 09:15 nvd
MEDIUM 4.7

DescriptionCVE.org

OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

AnalysisAI

OOB access in paddle.mode in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. Affected products include: Paddlepaddle. Version information: before 2.6.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2024-0917 CRITICAL POC
9.8 Mar 07

remote code execution in paddlepaddle/paddle 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely e

CVE-2023-38673 CRITICAL POC
9.8 Jul 26

PaddlePaddle before 2.5.0 has a command injection in fs.py. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2023-38671 CRITICAL POC
9.8 Jul 26

Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerabilit

CVE-2023-38669 CRITICAL POC
9.8 Jul 26

Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability i

CVE-2022-46742 CRITICAL POC
9.8 Dec 07

Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. Rated cr

CVE-2022-45908 CRITICAL POC
9.8 Nov 26

In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on

CVE-2024-0818 CRITICAL POC
9.1 Mar 07

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6. Rated critical severity (CVSS 9.1), this

CVE-2022-46741 CRITICAL POC
9.1 Dec 07

Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. Rated critical severity (CVSS 9.1), this vulnerability is

CVE-2024-0815 HIGH POC
8.8 Mar 07

Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0. Rated high sever

CVE-2024-0817 HIGH POC
7.8 Mar 07

Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0. Rated high severity (CVSS 7.8), this vulnerability is lo

CVE-2024-1603 HIGH POC
7.5 Mar 23

paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. Rated high severity (CVSS 7.5), th

CVE-2023-38672 HIGH POC
7.5 Jul 26

FPE in paddle.trace in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploit

Share

CVE-2023-38678 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy