Search criteria
27 vulnerabilities found for mindspore by mindspore
FKIE_CVE-2023-2970
Vulnerability from fkie_nvd - Published: 2023-05-30 06:16 - Updated: 2024-11-21 07:59
Severity ?
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://gitee.com/mindspore/mindspore/commit/30f4729ea2c01e1ed437ba92a81e2fc098d608a9 | Permissions Required | |
| cna@vuldb.com | https://gitee.com/mindspore/mindspore/issues/I73DOS | Issue Tracking, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.230176 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.230176 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitee.com/mindspore/mindspore/commit/30f4729ea2c01e1ed437ba92a81e2fc098d608a9 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitee.com/mindspore/mindspore/issues/I73DOS | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.230176 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.230176 | Permissions Required |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mindspore:mindspore:2.0.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "05B517AD-3FC7-4D69-8363-EC68AA775567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mindspore:mindspore:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "589AF81E-B22E-450E-AFCE-8570A317FEA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176."
}
],
"id": "CVE-2023-2970",
"lastModified": "2024-11-21T07:59:39.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-30T06:16:30.853",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://gitee.com/mindspore/mindspore/commit/30f4729ea2c01e1ed437ba92a81e2fc098d608a9"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/mindspore/issues/I73DOS"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.230176"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?id.230176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://gitee.com/mindspore/mindspore/commit/30f4729ea2c01e1ed437ba92a81e2fc098d608a9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/mindspore/issues/I73DOS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.230176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?id.230176"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
FKIE_CVE-2021-33654
Vulnerability from fkie_nvd - Published: 2022-06-27 17:15 - Updated: 2024-11-21 06:09
Severity ?
Summary
When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mindspore:mindspore:*:*:*:*:*:openeuler:*:*",
"matchCriteriaId": "1C2C732E-38EA-44A6-85EA-6361337A34C0",
"versionEndExcluding": "1.3.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mindspore:mindspore:0.7.0:beta:*:*:*:openeuler:*:*",
"matchCriteriaId": "E51B4E88-2117-4BBA-B640-236E15F809C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception."
},
{
"lang": "es",
"value": "Cuando es llevada a cabo la operaci\u00f3n de inicializaci\u00f3n del operador Split, si una dimensi\u00f3n de la forma de entrada es 0, causar\u00e1 una excepci\u00f3n de divisi\u00f3n por 0"
}
],
"id": "CVE-2021-33654",
"lastModified": "2024-11-21T06:09:17.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-27T17:15:09.057",
"references": [
{
"source": "securities@openeuler.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-33652
Vulnerability from fkie_nvd - Published: 2022-06-27 17:15 - Updated: 2024-11-21 06:09
Severity ?
Summary
When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mindspore:mindspore:*:*:*:*:*:openeuler:*:*",
"matchCriteriaId": "1C2C732E-38EA-44A6-85EA-6361337A34C0",
"versionEndExcluding": "1.3.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mindspore:mindspore:0.7.0:beta:*:*:*:openeuler:*:*",
"matchCriteriaId": "E51B4E88-2117-4BBA-B640-236E15F809C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception."
},
{
"lang": "es",
"value": "Cuando es ejecutada la operaci\u00f3n de ejecuci\u00f3n del operador Reduce, si se presenta un valor de 0 en el elemento axis_sizes del par\u00e1metro, causar\u00e1 una excepci\u00f3n de divisi\u00f3n por 0"
}
],
"id": "CVE-2021-33652",
"lastModified": "2024-11-21T06:09:17.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-27T17:15:08.923",
"references": [
{
"source": "securities@openeuler.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-33647
Vulnerability from fkie_nvd - Published: 2022-06-27 17:15 - Updated: 2024-11-21 06:09
Severity ?
Summary
When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mindspore:mindspore:*:*:*:*:*:openeuler:*:*",
"matchCriteriaId": "1C2C732E-38EA-44A6-85EA-6361337A34C0",
"versionEndExcluding": "1.3.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mindspore:mindspore:0.7.0:beta:*:*:*:openeuler:*:*",
"matchCriteriaId": "E51B4E88-2117-4BBA-B640-236E15F809C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers."
},
{
"lang": "es",
"value": "Cuando es llevada a cabo la operaci\u00f3n de inferencia de forma del operador Tile, si el tipo de datos de entrada no es int o int32, ser\u00e1 accedido a datos fuera de l\u00edmites de los b\u00faferes asignados a la pila"
}
],
"id": "CVE-2021-33647",
"lastModified": "2024-11-21T06:09:16.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-27T17:15:08.590",
"references": [
{
"source": "securities@openeuler.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-33650
Vulnerability from fkie_nvd - Published: 2022-06-27 17:15 - Updated: 2024-11-21 06:09
Severity ?
Summary
When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mindspore:mindspore:*:*:*:*:*:openeuler:*:*",
"matchCriteriaId": "8FB00FC1-5C50-4C4C-A6C1-DC948EAB101C",
"versionEndExcluding": "1.3.0",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers."
},
{
"lang": "es",
"value": "Cuando es llevada a cabo la operaci\u00f3n de inferencia de forma del operador SparseToDense, si el n\u00famero de entradas es inferior a tres, ser\u00e1 accedido a datos fuera de l\u00edmites de las entradas que se asignan desde los buffers de la pila"
}
],
"id": "CVE-2021-33650",
"lastModified": "2024-11-21T06:09:16.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-27T17:15:08.793",
"references": [
{
"source": "securities@openeuler.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-33649
Vulnerability from fkie_nvd - Published: 2022-06-27 17:15 - Updated: 2024-11-21 06:09
Severity ?
Summary
When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mindspore:mindspore:*:*:*:*:*:openeuler:*:*",
"matchCriteriaId": "1C2C732E-38EA-44A6-85EA-6361337A34C0",
"versionEndExcluding": "1.3.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mindspore:mindspore:0.7.0:beta:*:*:*:openeuler:*:*",
"matchCriteriaId": "E51B4E88-2117-4BBA-B640-236E15F809C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers."
},
{
"lang": "es",
"value": "Cuando es llevada a cabo la operaci\u00f3n de inferencia de forma del operador Transpose, si el valor del elemento perm es mayor o igual que el tama\u00f1o de la forma de entrada, ser\u00e1 accedido a datos fuera de l\u00edmites de la forma de entrada que se han asignado desde los buffers de la pila"
}
],
"id": "CVE-2021-33649",
"lastModified": "2024-11-21T06:09:16.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-27T17:15:08.733",
"references": [
{
"source": "securities@openeuler.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-33653
Vulnerability from fkie_nvd - Published: 2022-06-27 17:15 - Updated: 2024-11-21 06:09
Severity ?
Summary
When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mindspore:mindspore:*:*:*:*:*:openeuler:*:*",
"matchCriteriaId": "1C2C732E-38EA-44A6-85EA-6361337A34C0",
"versionEndExcluding": "1.3.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mindspore:mindspore:0.7.0:beta:*:*:*:openeuler:*:*",
"matchCriteriaId": "E51B4E88-2117-4BBA-B640-236E15F809C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception."
},
{
"lang": "es",
"value": "Cuando es llevada a cabo la operaci\u00f3n de derivaci\u00f3n de forma del operador SpaceToBatch, si se presenta un valor de 0 en el elemento block_shape del par\u00e1metro, causar\u00e1 una excepci\u00f3n de divisi\u00f3n por 0"
}
],
"id": "CVE-2021-33653",
"lastModified": "2024-11-21T06:09:17.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-27T17:15:08.993",
"references": [
{
"source": "securities@openeuler.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-33648
Vulnerability from fkie_nvd - Published: 2022-06-27 17:15 - Updated: 2024-11-21 06:09
Severity ?
Summary
When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mindspore:mindspore:*:*:*:*:*:openeuler:*:*",
"matchCriteriaId": "03141B37-4ADF-41A1-BB98-B3EB2A0A929C",
"versionEndExcluding": "1.3.0",
"versionStartIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers."
},
{
"lang": "es",
"value": "Cuando es llevada a cabo la operaci\u00f3n de inferencia de forma de los operadores Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup y Gather, si el tama\u00f1o de la forma de entrada es 0, ser\u00e1 accedido a datos fuera de l\u00edmites de la forma asignada desde los buffers del mont\u00f3n"
}
],
"id": "CVE-2021-33648",
"lastModified": "2024-11-21T06:09:16.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-27T17:15:08.670",
"references": [
{
"source": "securities@openeuler.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-33651
Vulnerability from fkie_nvd - Published: 2022-06-27 17:15 - Updated: 2024-11-21 06:09
Severity ?
Summary
When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mindspore:mindspore:*:*:*:*:*:openeuler:*:*",
"matchCriteriaId": "03141B37-4ADF-41A1-BB98-B3EB2A0A929C",
"versionEndExcluding": "1.3.0",
"versionStartIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception."
},
{
"lang": "es",
"value": "Cuando es llevada a cabo la operaci\u00f3n de an\u00e1lisis del operador DepthwiseConv2D, si el atributo depth_multiplier es 0, causar\u00e1 una excepci\u00f3n de divisi\u00f3n por 0"
}
],
"id": "CVE-2021-33651",
"lastModified": "2024-11-21T06:09:16.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-27T17:15:08.857",
"references": [
{
"source": "securities@openeuler.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-2970 (GCVE-0-2023-2970)
Vulnerability from cvelistv5 – Published: 2023-05-30 05:31 – Updated: 2024-11-22 18:01
VLAI?
Summary
A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176.
Severity ?
CWE
- CWE-119 - Memory Corruption
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
VulDB Gitee Analyzer
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.230176"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.230176"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitee.com/mindspore/mindspore/issues/I73DOS"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://gitee.com/mindspore/mindspore/commit/30f4729ea2c01e1ed437ba92a81e2fc098d608a9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T18:00:53.595198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T18:01:00.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MindSpore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.0.0-alpha"
},
{
"status": "affected",
"version": "2.0.0-rc1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB Gitee Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176."
},
{
"lang": "de",
"value": "In MindSpore 2.0.0-alpha/2.0.0-rc1 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft die Funktion JsonHelper::UpdateArray der Datei mindspore/ccsrc/minddata/dataset/util/json_helper.cc. Dank Manipulation mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Patch wird als 30f4729ea2c01e1ed437ba92a81e2fc098d608a9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T07:23:08.445Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.230176"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.230176"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitee.com/mindspore/mindspore/issues/I73DOS"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/mindspore/mindspore/commit/30f4729ea2c01e1ed437ba92a81e2fc098d608a9"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-05-30T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-05-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-22T01:47:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "MindSpore json_helper.cc UpdateArray memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-2970",
"datePublished": "2023-05-30T05:31:03.695Z",
"dateReserved": "2023-05-30T04:58:32.620Z",
"dateUpdated": "2024-11-22T18:01:00.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33654 (GCVE-0-2021-33654)
Vulnerability from cvelistv5 – Published: 2022-06-27 16:26 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception.
Severity ?
No CVSS data available.
CWE
- CWE-369 - Division by Zero Exception
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 0.7.0-beta, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Division by Zero Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:26:29",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 Division by Zero Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33654",
"datePublished": "2022-06-27T16:26:29",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33653 (GCVE-0-2021-33653)
Vulnerability from cvelistv5 – Published: 2022-06-27 16:25 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception.
Severity ?
No CVSS data available.
CWE
- CWE-369 - Division by Zero Exception
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 0.7.0-beta, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Division by Zero Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:25:27",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 Division by Zero Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33653",
"datePublished": "2022-06-27T16:25:27",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33650 (GCVE-0-2021-33650)
Vulnerability from cvelistv5 – Published: 2022-06-27 16:24 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 1.2.0, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:24:12",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.2.0, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33650",
"datePublished": "2022-06-27T16:24:12",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:21.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33651 (GCVE-0-2021-33651)
Vulnerability from cvelistv5 – Published: 2022-06-27 16:23 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception.
Severity ?
No CVSS data available.
CWE
- CWE-369 - Division by Zero Exception
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 1.1.0, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Division by Zero Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:23:04",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.1.0, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 Division by Zero Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33651",
"datePublished": "2022-06-27T16:23:04",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33652 (GCVE-0-2021-33652)
Vulnerability from cvelistv5 – Published: 2022-06-27 16:21 – Updated: 2024-08-03 23:58
VLAI?
Summary
When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception.
Severity ?
No CVSS data available.
CWE
- CWE-369 - Division by Zero Exception
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 0.7.0-beta, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Division by Zero Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:21:47",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 Division by Zero Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33652",
"datePublished": "2022-06-27T16:21:47",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33649 (GCVE-0-2021-33649)
Vulnerability from cvelistv5 – Published: 2022-06-27 16:20 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 0.7.0-beta, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:20:28",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33649",
"datePublished": "2022-06-27T16:20:28",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33647 (GCVE-0-2021-33647)
Vulnerability from cvelistv5 – Published: 2022-06-27 16:19 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 0.7.0-beta, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:19:06",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33647",
"datePublished": "2022-06-27T16:19:06",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:21.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33648 (GCVE-0-2021-33648)
Vulnerability from cvelistv5 – Published: 2022-06-27 16:17 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 1.1.0, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:17:35",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.1.0, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33648",
"datePublished": "2022-06-27T16:17:35",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:21.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2970 (GCVE-0-2023-2970)
Vulnerability from nvd – Published: 2023-05-30 05:31 – Updated: 2024-11-22 18:01
VLAI?
Summary
A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176.
Severity ?
CWE
- CWE-119 - Memory Corruption
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
VulDB Gitee Analyzer
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.230176"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.230176"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitee.com/mindspore/mindspore/issues/I73DOS"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://gitee.com/mindspore/mindspore/commit/30f4729ea2c01e1ed437ba92a81e2fc098d608a9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T18:00:53.595198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T18:01:00.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MindSpore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.0.0-alpha"
},
{
"status": "affected",
"version": "2.0.0-rc1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB Gitee Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176."
},
{
"lang": "de",
"value": "In MindSpore 2.0.0-alpha/2.0.0-rc1 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft die Funktion JsonHelper::UpdateArray der Datei mindspore/ccsrc/minddata/dataset/util/json_helper.cc. Dank Manipulation mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Patch wird als 30f4729ea2c01e1ed437ba92a81e2fc098d608a9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T07:23:08.445Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.230176"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.230176"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitee.com/mindspore/mindspore/issues/I73DOS"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/mindspore/mindspore/commit/30f4729ea2c01e1ed437ba92a81e2fc098d608a9"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-05-30T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-05-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-22T01:47:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "MindSpore json_helper.cc UpdateArray memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-2970",
"datePublished": "2023-05-30T05:31:03.695Z",
"dateReserved": "2023-05-30T04:58:32.620Z",
"dateUpdated": "2024-11-22T18:01:00.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33654 (GCVE-0-2021-33654)
Vulnerability from nvd – Published: 2022-06-27 16:26 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception.
Severity ?
No CVSS data available.
CWE
- CWE-369 - Division by Zero Exception
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 0.7.0-beta, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Division by Zero Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:26:29",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 Division by Zero Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33654",
"datePublished": "2022-06-27T16:26:29",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33653 (GCVE-0-2021-33653)
Vulnerability from nvd – Published: 2022-06-27 16:25 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception.
Severity ?
No CVSS data available.
CWE
- CWE-369 - Division by Zero Exception
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 0.7.0-beta, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Division by Zero Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:25:27",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 Division by Zero Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33653",
"datePublished": "2022-06-27T16:25:27",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33650 (GCVE-0-2021-33650)
Vulnerability from nvd – Published: 2022-06-27 16:24 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 1.2.0, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:24:12",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.2.0, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33650",
"datePublished": "2022-06-27T16:24:12",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:21.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33651 (GCVE-0-2021-33651)
Vulnerability from nvd – Published: 2022-06-27 16:23 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception.
Severity ?
No CVSS data available.
CWE
- CWE-369 - Division by Zero Exception
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 1.1.0, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Division by Zero Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:23:04",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.1.0, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 Division by Zero Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33651",
"datePublished": "2022-06-27T16:23:04",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33652 (GCVE-0-2021-33652)
Vulnerability from nvd – Published: 2022-06-27 16:21 – Updated: 2024-08-03 23:58
VLAI?
Summary
When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception.
Severity ?
No CVSS data available.
CWE
- CWE-369 - Division by Zero Exception
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 0.7.0-beta, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Division by Zero Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:21:47",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 Division by Zero Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33652",
"datePublished": "2022-06-27T16:21:47",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33649 (GCVE-0-2021-33649)
Vulnerability from nvd – Published: 2022-06-27 16:20 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 0.7.0-beta, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:20:28",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33649",
"datePublished": "2022-06-27T16:20:28",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33647 (GCVE-0-2021-33647)
Vulnerability from nvd – Published: 2022-06-27 16:19 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 0.7.0-beta, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:19:06",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33647",
"datePublished": "2022-06-27T16:19:06",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:21.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33648 (GCVE-0-2021-33648)
Vulnerability from nvd – Published: 2022-06-27 16:17 – Updated: 2024-08-03 23:58
VLAI?
Summary
When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openEuler:mindspore |
Affected:
>= 1.1.0, < 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openEuler:mindspore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T16:17:35",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securities@openeuler.org",
"ID": "CVE-2021-33648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openEuler:mindspore",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.1.0, \u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md",
"refsource": "MISC",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33648",
"datePublished": "2022-06-27T16:17:35",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:21.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}