Vulnerability Details : CVE-2023-2970
A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2023-2970
- cpe:2.3:a:mindspore:mindspore:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mindspore:mindspore:2.0.0:alpha:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2970
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-2970
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.7
|
LOW | AV:A/AC:L/Au:S/C:N/I:N/A:P |
5.1
|
2.9
|
VulDB | |
3.5
|
LOW | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
2.1
|
1.4
|
VulDB | |
3.5
|
LOW | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
2.1
|
1.4
|
VulDB | 2024-02-29 |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2023-2970
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: cna@vuldb.com (Primary)
References for CVE-2023-2970
-
https://gitee.com/mindspore/mindspore/issues/I73DOS
【MD】【FUZZ】UpdateArray算子,存在coredump的情况 · Issue #I73DOS · MindSpore/mindspore - GiteeIssue Tracking;Third Party Advisory
-
https://vuldb.com/?id.230176
CVE-2023-2970: MindSpore json_helper.cc UpdateArray memory corruption (I73DOS)Permissions Required
-
https://vuldb.com/?ctiid.230176
CVE-2023-2970: MindSpore json_helper.cc UpdateArray memory corruption (I73DOS)Permissions Required
-
https://gitee.com/mindspore/mindspore/commit/30f4729ea2c01e1ed437ba92a81e2fc098d608a9
Login - GiteePermissions Required
Jump to