CVE-2021-33649

HIGH

mindspore 1.0.0-1.2.0 - Out-of-bounds Read in Transpose Operator Inference Shape Operation

Title source: llm
STIX 2.1

Description

When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0085
EPSS Percentile 53.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-125
Status published
Products (2)
mindspore/mindspore 0.7.0 beta
mindspore/mindspore 1.0.0 - 1.3.0
Published Jun 27, 2022
Tracked Since Feb 18, 2026