CVE-2021-33648

{"id": "CVE-2021-33648", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-06-27T17:15:08.670", "references": [{"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md", "tags": ["Patch", "Third Party Advisory"], "source": "securities@openeuler.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "securities@openeuler.org", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers."}, {"lang": "es", "value": "Cuando es llevada a cabo la operaci\u00f3n de inferencia de forma de los operadores Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup y Gather, si el tama\u00f1o de la forma de entrada es 0, ser\u00e1 accedido a datos fuera de l\u00edmites de la forma asignada desde los buffers del mont\u00f3n"}], "lastModified": "2022-07-07T16:03:35.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mindspore:mindspore:*:*:*:*:*:openeuler:*:*", "vulnerable": true, "matchCriteriaId": "03141B37-4ADF-41A1-BB98-B3EB2A0A929C", "versionEndExcluding": "1.3.0", "versionStartIncluding": "1.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "securities@openeuler.org"}