Описание
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embedding_size and lookup_size are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version.
Ссылки
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.5.2 (включая)Версия от 2.6.0 (включая) до 2.6.2 (включая)
Одно из
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00517
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-190
CWE-190
Связанные уязвимости
CVSS3: 8.8
debian
около 4 лет назад
Tensorflow is an Open Source Machine Learning Framework. An attacker c ...
EPSS
Процентиль: 66%
0.00517
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-190
CWE-190