CVE-2019-16778
LOW 2.6
Description
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.
CVE details
CVSS v3.1 score: 2.6
Severity: LOW
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
Attack vector: NETWORK
Complexity: HIGH
Privileges required: LOW
User interaction: REQUIRED
Published: 12/16/2019
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
google:tensorflow
Weaknesses (CWE)
CWE-122, CWE-681
References
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md (security-advisories@github.com)
https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892 (security-advisories@github.com)
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j (security-advisories@github.com)
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.