From a5b3a65aef5eadc406e52f9205fc762153ca594c Mon Sep 17 00:00:00 2001 From: Vigi Zhang Date: Wed, 7 Dec 2022 20:13:15 +0800 Subject: [PATCH] assign cve number to pdsa, test=document_fix (#48846) --- security/advisory/pdsa-2022-001.md | 4 ++++ security/advisory/pdsa-2022-001_cn.md | 4 ++++ security/advisory/pdsa-2022-002.md | 4 ++++ security/advisory/pdsa-2022-002_cn.md | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/security/advisory/pdsa-2022-001.md b/security/advisory/pdsa-2022-001.md index 7b409020abb..596b314e749 100644 --- a/security/advisory/pdsa-2022-001.md +++ b/security/advisory/pdsa-2022-001.md @@ -1,5 +1,9 @@ ## PDSA-2022-001: OOB read in gather_tree +### CVE Number + +CVE-2022-46741 + ### Impact The PoC is as follows: diff --git a/security/advisory/pdsa-2022-001_cn.md b/security/advisory/pdsa-2022-001_cn.md index ce5f4e3cf4d..60e428e2add 100644 --- a/security/advisory/pdsa-2022-001_cn.md +++ b/security/advisory/pdsa-2022-001_cn.md @@ -1,5 +1,9 @@ ## PDSA-2022-001: OOB read in gather_tree +### CVE编号 + +CVE-2022-46741 + ### 影响 PoC如下: diff --git a/security/advisory/pdsa-2022-002.md b/security/advisory/pdsa-2022-002.md index efb8e931722..a3171eab747 100644 --- a/security/advisory/pdsa-2022-002.md +++ b/security/advisory/pdsa-2022-002.md @@ -1,5 +1,9 @@ ## PDSA-2022-002: Code injection in paddle.audio.functional.get_window +### CVE Number + +CVE-2022-46742 + ### Impact `paddle.audio.functional.get_windowis` vulnerable to a code injection as it calls `eval` on user supplied `winstr`. This may lead to arbitrary code execution. diff --git a/security/advisory/pdsa-2022-002_cn.md b/security/advisory/pdsa-2022-002_cn.md index 84fc365fbbc..f2d7ca9c865 100644 --- a/security/advisory/pdsa-2022-002_cn.md +++ b/security/advisory/pdsa-2022-002_cn.md @@ -1,5 +1,9 @@ ## PDSA-2022-002: Code injection in paddle.audio.functional.get_window +### CVE编号 + +CVE-2022-46742 + ### 影响 `paddle.audio.functional.get_window`由于使用`eval`用户提供的参数`winstr`而存在代码注入漏洞,将导致任意代码执行。 -- GitLab
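Review bot: in security/advisory/pdsa-2022-001.md (and its _cn.md counterpart), the `### Impact` section that now follows the new CVE heading opens with "The PoC is as follows:" and, in the lines visible in this hunk, does not say what the impact of the OOB read is. Readers arriving from the CVE-2022-46741 record will look here first, so consider adding a one-sentence impact statement ahead of the PoC, the way pdsa-2022-002.md describes its issue at the top of its Impact section.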
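Review bot: in security/advisory/pdsa-2022-002.md, the context line directly under `### Impact` has a misplaced backtick: it reads `paddle.audio.functional.get_windowis` vulnerable, so the function name renders as get_windowis. Since this patch already touches the file and the advisory is now referenced by CVE-2022-46742, fix it here to `paddle.audio.functional.get_window` is vulnerable. The pdsa-2022-002_cn.md context line already has the name right.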