PT-2019-8742 · Google · Tensorflow

Published

2019-04-24

·

Updated

2019-04-30

·

CVE-2018-10055

CVSS v3.1

8.1

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Google TensorFlow versions prior to 1.7.1
Description The issue is related to invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler. This could cause a crash or allow reading from other parts of the process memory via a crafted configuration file.
Recommendations For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2018-10055
GHSA-Q492-F7GR-27RP
PYSEC-2019-204
PYSEC-2019-222
PYSEC-2019-229

Affected Products

Tensorflow