6.5

CVE-2023-2970

A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MindsporeMindspore Version2.0.0 Updatealpha
MindsporeMindspore Version2.0.0 Updaterc1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.185
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com 3.5 2.1 1.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com 2.7 5.1 2.9
AV:A/AC:L/Au:S/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://gitee.com/mindspore/mindspore/issues/I73DOS
Third Party Advisory
Issue Tracking
https://vuldb.com/?ctiid.230176
Permissions Required
https://vuldb.com/?id.230176
Permissions Required