Описание
In Tensorflow before version 2.4.0, when the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.
Ссылки
- ExploitPatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.4.0 (исключая)
cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*
EPSS
Процентиль: 33%
0.00129
Низкий
3.7 Low
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-119
CWE-119
Связанные уязвимости
CVSS3: 3.7
debian
больше 5 лет назад
In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.i ...
EPSS
Процентиль: 33%
0.00129
Низкий
3.7 Low
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-119
CWE-119