PT-2019-14829 · Google · Tensorflow

Mihaimaruseac · Published 2019-12-16 · Updated 2021-10-29 · CVE-2019-16778

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 1.15
TensorFlow versions prior to 2.0

Description

A heap buffer overflow in UnsortedSegmentSum can occur when the Index template argument is int32, causing data size and num segments fields to be truncated from int64 to int32, potentially resulting in accessing out of bounds heap memory. This issue is unlikely to be exploitable and was detected and fixed internally.

Recommendations

For versions prior to 1.15, update to TensorFlow 1.15 or later.
For versions prior to 2.0, update to TensorFlow 2.0 or later.
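
The truncation named in the description, as an added example (not TensorFlow's code and not part of this advisory): a simplified 1-D segment sum in C++ showing what an unchecked int64-to-int32 conversion yields and how a checked narrowing refuses sizes that do not fit the Index type. The helpers `truncate_to_i32`, `narrow_size` and `segment_sum` are hypothetical names chosen for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <limits>
#include <vector>

// What an unchecked int64 -> int32 conversion keeps: the low 32 bits only.
int32_t truncate_to_i32(int64_t v) {
  uint32_t low = static_cast<uint32_t>(v);  // well-defined, modulo 2^32
  int32_t out;
  std::memcpy(&out, &low, sizeof out);      // reinterpret the bits as signed
  return out;
}

// Checked narrowing: succeeds only if v is non-negative and fits in Index.
template <typename Index>
bool narrow_size(int64_t v, Index* out) {
  if (v < 0 || v > static_cast<int64_t>(std::numeric_limits<Index>::max()))
    return false;
  *out = static_cast<Index>(v);
  return true;
}

// Simplified 1-D segment sum (hypothetical model, not the TensorFlow kernel).
// Returns false rather than computing when a size does not fit Index or a
// segment id falls outside [0, num_segments).
template <typename Index>
bool segment_sum(const std::vector<float>& data, const std::vector<Index>& ids,
                 int64_t num_segments, std::vector<float>* out) {
  Index n = 0, segs = 0;
  if (ids.size() != data.size()) return false;
  if (!narrow_size<Index>(static_cast<int64_t>(data.size()), &n)) return false;
  if (!narrow_size<Index>(num_segments, &segs)) return false;
  for (Index id : ids)
    if (id < 0 || id >= segs) return false;  // bounds check on the real size
  out->assign(static_cast<std::size_t>(segs), 0.0f);
  for (Index i = 0; i < n; ++i) {
    const std::size_t pos = static_cast<std::size_t>(i);
    (*out)[static_cast<std::size_t>(ids[pos])] += data[pos];
  }
  return true;
}
```

A size of 2^31 truncates to a negative int32 and 2^32 + 4 truncates to 4, so any bounds logic fed the truncated value no longer describes the real buffers; the checked path rejects both.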

Fix

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2019-16778
GHSA-844W-J86R-4X2J
PYSEC-2019-209
PYSEC-2019-227
PYSEC-2019-234

Affected Products

Tensorflow