Описание
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a null pointer but GetTensorData assumes that the argument is always a valid tensor. Furthermore, because GetVariableInput calls GetMutableInput which might return nullptr, the tensor->is_variable expression can also trigger a null pointer exception. We have patched the issue in GitHub commit 5b048e87e4e55990dae6b547add4dae59f4e1c76. The fix will be included in TensorF
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.3.0 (включая) до 2.3.4 (исключая)Версия от 2.4.0 (включая) до 2.4.3 (исключая)
Одно из
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.6.0:rc0:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.6.0:rc2:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00037
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-476
Связанные уязвимости
CVSS3: 7.8
debian
больше 4 лет назад
TensorFlow is an end-to-end open source platform for machine learning. ...
EPSS
Процентиль: 11%
0.00037
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-476