Описание
Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.
Ссылки
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.7.1 (исключая)
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00239
Низкий
5.9 Medium
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-754
Связанные уязвимости
CVSS3: 5.9
debian
около 4 лет назад
Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` ...
CVSS3: 5.9
github
почти 4 года назад
Crash due to erroneous `StatusOr` in TensorFlow
EPSS
Процентиль: 47%
0.00239
Низкий
5.9 Medium
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-754