CVE-2021-33648

HIGH

mindspore 1.1.0-1.2.9 - Out-of-bounds Read in Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather Operators

Title source: llm
STIX 2.1

Description

When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0085
EPSS Percentile 53.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-125
Status published
Products (1)
mindspore/mindspore 1.1.0 - 1.3.0
Published Jun 27, 2022
Tracked Since Feb 18, 2026