Miggo Logo

CVE-2023-52303: PaddlePaddle segfault in paddle.put_along_axis

4.7

CVSS Score
3.1

Basic Information

EPSS Score
0.30844%
Published
1/3/2024
Updated
11/22/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
paddlepaddlepip< 2.6.02.6.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The core vulnerability stems from improper input validation in two key areas:

  1. The CastPyArg2* functions in op_function_common.cc failed to exclude Tensor objects when expecting sequences, leading to null pointer dereference when processing invalid inputs to put_along_axis. The patch explicitly adds PyObject_TypeCheck guards.
  2. SearchsortedInferMeta lacked dimension checks, allowing empty tensors that could cause crashes. The patch adds PADDLE_ENFORCE_GE for dimension validation. Other changes in the commit add general safety checks but are less directly tied to the specific put_along_axis vulnerability described.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Nullptr in p***l*.put_*lon*_*xis in P***l*P***l* ***or* *.*.*. T*is *l*w **n **us* * runtim* *r*s* *n* * **ni*l o* s*rvi**.

Reasoning

T** *or* vuln*r**ility st*ms *rom improp*r input v*li**tion in two k*y *r**s: *. T** **stPy*r*** *un*tions in op_*un*tion_*ommon.** **il** to *x*lu** T*nsor o*j**ts w**n *xp**tin* s*qu*n**s, l***in* to null point*r **r***r*n** w**n pro**ssin* inv*li*