Описание
TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.
Ссылки
- ExploitPatch
- Patch
- ExploitPatch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 2.12.0 (исключая)
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01611
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-122
Связанные уязвимости
CVSS3: 9.8
debian
почти 3 года назад
TensorFlow is an open source platform for machine learning. Attackers ...
CVSS3: 9.8
github
почти 3 года назад
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
EPSS
Процентиль: 81%
0.01611
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-122