{"id":"PYSEC-2026-441","summary":"PaddlePaddle Out-of-bounds Read vulnerability","details":"Out-of-bounds read in `gather_tree` in PaddlePaddle before 2.4. A [patch](https://github.com/PaddlePaddle/Paddle/commit/6712e262fc6734873cc6d5ca4f45973339a88697) is available in the `release/2.4` branch.","aliases":["CVE-2022-46741","GHSA-2hvc-hwg3-hpvw"],"modified":"2026-07-01T20:22:59.721245Z","published":"2026-06-29T11:50:34.051020Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46741"},{"type":"WEB","url":"https://github.com/PaddlePaddle/Paddle/pull/47051"},{"type":"WEB","url":"https://github.com/PaddlePaddle/Paddle/commit/6712e262fc6734873cc6d5ca4f45973339a88697"},{"type":"WEB","url":"https://github.com/PaddlePaddle/Paddle/commit/ee6e6d511f9f33fc862c11722701fb5abb99ed94"},{"type":"PACKAGE","url":"https://github.com/PaddlePaddle/Paddle"},{"type":"WEB","url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-001.md"},{"type":"PACKAGE","url":"https://pypi.org/project/paddlepaddle"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-2hvc-hwg3-hpvw"}],"affected":[{"package":{"name":"paddlepaddle","ecosystem":"PyPI","purl":"pkg:pypi/paddlepaddle"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4"}]}],"versions":["1.8.5"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/paddlepaddle/PYSEC-2026-441.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}