Lucene search

China National Vulnerability DatabaseCNVD-2023-10602

HistorySep 20, 2022 - 12:00 a.m.

Google TensorFlow AvgPoolOp Denial of Service Vulnerability

2022-09-2000:00:00

China National Vulnerability Database

www.cnvd.org.cn

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

JSON

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the AvgPoolOp function accepting a parameter ksize , which must be positive but is not checked. An attacker could exploit the vulnerability to trigger a denial-of-service attack with a negative ksize.

CPENameOperatorVersion
google tensorflow >=2.8.0，lt2.8.1
google tensorflow >=2.9.0，lt2.9.1
google tensorflow >=2.7.0，lt2.7.2

Name	Operator	Version
google tensorflow >=2.8.0，	lt	2.8.1
google tensorflow >=2.9.0，	lt	2.9.1
google tensorflow >=2.7.0，	lt	2.7.2

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

JSON

Related for CNVD-2023-10602