PT-2019-14829 · Google · Tensorflow

Mihaimaruseac · Published 2019-12-16 · Updated 2021-10-29 · CVE-2019-16778

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 1.15
TensorFlow versions prior to 2.0

Description
A heap buffer overflow in UnsortedSegmentSum can occur when the Index template argument is int32, causing data size and num segments fields to be truncated from int64 to int32, potentially resulting in accessing out of bounds heap memory. This issue is unlikely to be exploitable and was detected and fixed internally.

Recommendations
For versions prior to 1.15, update to TensorFlow 1.15 or later. For versions prior to 2.0, update to TensorFlow 2.0 or later.
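
The narrowing described above, as an added C++ example (constructed for this page, not TensorFlow's source or its fix). The names `unchecked_narrow`, `checked_narrow` and `segment_sum` are hypothetical; the block shows how an int64 count wraps when cast to int32 and how range-checking before narrowing keeps every write inside the output buffer.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <vector>
// Constructed illustration of the bug class; hypothetical names, not TensorFlow code.

// Unchecked narrowing: an int64 value outside Index's range silently wraps.
template <typename Index>
Index unchecked_narrow(int64_t v) {
    return static_cast<Index>(v);
}

// Checked narrowing: succeeds only when v is representable as a non-negative Index.
template <typename Index>
bool checked_narrow(int64_t v, Index* out) {
    if (v < 0 || v > static_cast<int64_t>(std::numeric_limits<Index>::max()))
        return false;
    *out = static_cast<Index>(v);
    return true;
}

// Segment sum that validates both sizes before narrowing and bounds-checks
// every segment id against the real output length.
template <typename Index>
bool segment_sum(const std::vector<float>& data,
                 const std::vector<Index>& segment_ids,
                 int64_t num_segments, std::vector<float>* out) {
    Index n = 0, segs = 0;
    if (data.size() != segment_ids.size()) return false;
    if (!checked_narrow<Index>(static_cast<int64_t>(data.size()), &n)) return false;
    if (!checked_narrow<Index>(num_segments, &segs)) return false;
    out->assign(static_cast<size_t>(segs), 0.0f);
    for (Index i = 0; i < n; ++i) {
        Index id = segment_ids[static_cast<size_t>(i)];
        if (id < 0 || id >= segs) return false;  // reject instead of writing past the buffer
        (*out)[static_cast<size_t>(id)] += data[static_cast<size_t>(i)];
    }
    return true;
}

int main() {
    std::vector<float> out;
    // Constructed input: three values summed into three segments -> {4, 0, 2}.
    bool ok = segment_sum<int32_t>({1.f, 2.f, 3.f}, {0, 2, 0}, 3, &out);
    // A segment count that does not fit int32 must be refused, not wrapped to 4.
    bool refused = !segment_sum<int32_t>({1.f}, {0}, (int64_t{1} << 32) + 4, &out);
    return (ok && refused) ? 0 : 1;
}
```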

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2019-16778
GHSA-844W-J86R-4X2J
PYSEC-2019-209
PYSEC-2019-227
PYSEC-2019-234

Affected products

Tensorflow