CVE-2023-38674

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 3, 2024
Updated: Jan 5, 2024
CWE ID 369

Summary

CVE-2023-38674 is a vulnerability affecting the PaddlePaddle library before version 2.6.0. The issue lies in the 'paddle.nanmedian' function, which contains a Floating Point Exception (FPE) that can induce a runtime crash. An attacker can exploit this flaw to cause a denial of service (DoS) by triggering the FPE, making it essential for users to update to the latest version of PaddlePaddle to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share