PT-2019-11100 · Google · Tensorflow+1

Publicado

2019-04-24

Atualizado

2019-04-30

CVE-2018-7577

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Google Snappy library version 1.1.4 Google TensorFlow versions prior to 1.7.1

Description: The issue is related to a memcpy parameter overlap in the Google Snappy library, which could result in a crash or allow reading from other parts of the process memory.

Recommendations: For Google Snappy library version 1.1.4, update to a version later than 1.1.4 to resolve the issue. For Google TensorFlow versions prior to 1.7.1, update to version 1.7.1 or later to fix the problem.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-7577

GHSA-QX2V-J445-G354

PYSEC-2019-207

PYSEC-2019-225

PYSEC-2019-232

Produtos afetados

Google Snappy

Tensorflow

PT-2019-11100 · Google · Tensorflow+1

CVE-2018-7577

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13