PT-2019-12048 · Sony · Sony Neural Network Libraries

Publicado

2019-04-04

Atualizado

2022-05-13

CVE-2019-10844

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sony Neural Network Libraries (aka nnabla) versions prior to 1.0.14

Description The issue arises from the reliance on the HOME environment variable, which might be untrusted, in the nbla/logger.cpp file within libnnabla.a. This could potentially lead to security issues due to the variable's untrusted nature.

Recommendations For versions prior to 1.0.14, update to version 1.0.14 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-807

Identificadores relacionados

CVE-2019-10844

GHSA-4Q2W-RW7M-XQW6

PYSEC-2019-107

Produtos afetados

Sony Neural Network Libraries

PT-2019-12048 · Sony · Sony Neural Network Libraries

CVE-2019-10844

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11