Lucene search

China National Vulnerability DatabaseCNVD-2022-87257

HistoryNov 23, 2022 - 12:00 a.m.

Google TensorFlow tf.raw_ops.FusedResizeAndPadConv2D buffer overflow vulnerability

2022-11-2300:00:00

China National Vulnerability Database

www.cnvd.org.cn

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

JSON

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to a buffer overflow vulnerability in versions prior to 2.7.4, 2.8.0 and later, 2.8.1, 2.9.0 and later, and 2.9.1. FusedResizeAndPadConv2D" lacks proper validation of user-supplied data, which can be exploited to cause a buffer overflow.

CPENameOperatorVersion
google tensorflowlt2.7.4
google tensorflow >=2.8.0，lt2.8.1
google tensorflow >=2.9.0，lt2.9.1

Name	Operator	Version
google tensorflow	lt	2.7.4
google tensorflow >=2.8.0，	lt	2.8.1
google tensorflow >=2.9.0，	lt	2.9.1

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

JSON

Related for CNVD-2022-87257