CVE-2018-21233

Опубликовано: 04 мая 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.

Ссылки

https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

Версия до 1.7.0 (исключая)

EPSS

Процентиль: 32%

0.00128

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-21233

CVSS3: 6.5

debian

почти 6 лет назад

TensorFlow before 1.7.0 has an integer overflow that causes an out-of- ...

GHSA-h98h-8mxr-m8gx

CVSS3: 6.5

github

больше 5 лет назад

Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.

EPSS

Процентиль: 32%

0.00128

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125