PT-2019-11100 · Google · Tensorflow+1

Published

2019-04-24

Updated

2019-04-30

CVE-2018-7577

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Google Snappy library version 1.1.4 Google TensorFlow versions prior to 1.7.1

Description: The issue is related to a memcpy parameter overlap in the Google Snappy library, which could result in a crash or allow reading from other parts of the process memory.

Recommendations: For Google Snappy library version 1.1.4, update to a version later than 1.1.4 to resolve the issue. For Google TensorFlow versions prior to 1.7.1, update to version 1.7.1 or later to fix the problem.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-7577

GHSA-QX2V-J445-G354

PYSEC-2019-207

PYSEC-2019-225

PYSEC-2019-232

Affected Products

Google Snappy

Tensorflow

PT-2019-11100 · Google · Tensorflow+1

CVE-2018-7577

Weakness Enumeration

Related Identifiers

Affected Products

References · 13