Skip to content

P
Paddle

PaddlePaddle / Paddle
大约 1 年 前同步成功

通知 2298
Star 20931
Fork 5422
P
Paddle
切换分支/标签
查找文件 普通视图历史永久链接Permalink
pdsa-2022-002.md 1.1 KB
Newer Older
V
add pdsa-2022-002 (#47486)  
Vigi Zhang 已提交
1 2 
## PDSA-2022-002: Code injection in paddle.audio.functional.get_window
V
assign cve number to pdsa, test=document_fix (#48846)  
Vigi Zhang 已提交
3 4 5 6 
### CVE Number

CVE-2022-46742
V
add pdsa-2022-002 (#47486)  
Vigi Zhang 已提交
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 
### Impact

`paddle.audio.functional.get_windowis` vulnerable to a code injection as it calls `eval` on user supplied `winstr`. This may lead to arbitrary code execution.

```python
def get_window(
    window: Union[str, Tuple[str, float]],
    win_length: int,
    fftbins: bool = True,
    dtype: str = 'float64',
) -> Tensor:
    ...
    try:
        winfunc = eval('_' + winstr)
    except NameError as e:
        raise ValueError("Unknown window type.") from e
```

### Patches

We have patched the issue in commit [26c419ca386aeae3c461faf2b828d00b48e908eb](https://github.com/PaddlePaddle/Paddle/commit/26c419ca386aeae3c461faf2b828d00b48e908eb).

The fix will be included in PaddlePaddle 2.4.

### For more information

Please consult [our security guide](../../SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

### Attribution

This vulnerability has been reported by Tong Liu of ShanghaiTech University.