CNNVD-202512-4079 Information

CNNVD ID

CNNVD-202512-4079

CVE-2025-13706

  • CNNVD Published: 2025-12-23

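Description (translated from Chinese)

Tencent PatrickStar is a distributed deep learning training framework from Tencent, a Chinese company. Tencent PatrickStar has a code issue vulnerability that stems from the merge_checkpoint endpoint's lack of validation of user-supplied data, which may lead to deserialization of untrusted data and remote code execution.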

Description (English)

Tencent PatrickStar is a distributed deep learning training framework from Tencent. Tencent PatrickStar has a code issue vulnerability that stems from the lack of validation of user-supplied data at the merge_checkpoint endpoint, which may lead to deserialization of untrusted data and remote code execution.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

Tencent

Published

2025-12-23

Last Modified

2026-02-24

References

https://github.com/Tencent/PatrickStar/commit/2384535503ea98cfe35ad04e20c0cfc7bf58d5d7

https://www.zerodayinitiative.com/advisories/ZDI-25-1034/

Patch

https://github.com/Tencent/PatrickStar
