CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
53.7%
A heap buffer overflow in UnsortedSegmentSum
can be produced when the Index
template argument is int32
. In this case data_size
and num_segments
fields are truncated from int64
to int32
and can produce negative numbers, resulting in accessing out of bounds heap memory.
This is unlikely to be exploitable and was detected and fixed internally. We are making the security advisory only to notify users that it is better to update to TensorFlow 1.15 or 2.0 or later as these versions already have this fixed.
Patched by db4f9717c41bccc3ce10099ab61996b246099892 and released in all official releases after 1.15 and 2.0.
Please consult SECURITY.md
for more information regarding the security model and how to contact us with issues and questions.
Vendor | Product | Version | CPE |
---|---|---|---|
tensorflow | gpu | * | cpe:2.3:a:tensorflow:gpu:*:*:*:*:*:*:*:* |
tensorflow | cpu | * | cpe:2.3:a:tensorflow:cpu:*:*:*:*:*:*:*:* |
tensorflow | tensorflow | * | cpe:2.3:a:tensorflow:tensorflow:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-844w-j86r-4x2j
github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md
github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892
github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j
nvd.nist.gov/vuln/detail/CVE-2019-16778
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
53.7%