Lucene search

China National Vulnerability DatabaseCNVD-2022-80680

HistoryNov 23, 2022 - 12:00 a.m.

Google TensorFlow buffer overflow vulnerability (CNVD-2022-80680)

2022-11-2300:00:00

China National Vulnerability Database

www.cnvd.org.cn

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

JSON

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in Google TensorFlow, which stems from tf.raw_ops.ResizeNearestNeighborGrad’s lack of length size validation of the input data. validation, an attacker could exploit the vulnerability by assigning a large siz that would cause an overflow problem.

CPENameOperatorVersion
google tensorflowlt2.8.4
google tensorflow >=2.9.0，lt2.9.3
google tensorflow >=2.10.0，lt2.10.1

Name	Operator	Version
google tensorflow	lt	2.8.4
google tensorflow >=2.9.0，	lt	2.9.3
google tensorflow >=2.10.0，	lt	2.10.1

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

JSON

Related for CNVD-2022-80680