Описание
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Ссылки
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.15.4 (исключая)Версия от 2.0.0 (включая) до 2.0.3 (исключая)Версия от 2.1.0 (включая) до 2.1.2 (исключая)Версия от 2.2.0 (включая) до 2.2.1 (исключая)Версия от 2.3.0 (включая) до 2.3.1 (исключая)
Одно из
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
Конфигурация 2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00329
Низкий
6.5 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-20
CWE-787
Связанные уязвимости
CVSS3: 6.5
debian
больше 5 лет назад
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...
EPSS
Процентиль: 55%
0.00329
Низкий
6.5 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-20
CWE-787