Veracode Vulnerability DatabaseVERACODE:35652Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.7%
tensorflow is vulnerable to denial of service. Failure to check the input to tf.raw_ops.LSTMBlockCell to validate ranks of any of the API call arguments causes a CHECK-failure , triggering a denial of service attack.
References
github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc
github.com/tensorflow/tensorflow/commit/803404044ae7a1efac48ba82d74111fce1ddb09a
github.com/tensorflow/tensorflow/releases/tag/v2.6.4
github.com/tensorflow/tensorflow/releases/tag/v2.7.2
github.com/tensorflow/tensorflow/releases/tag/v2.8.1
github.com/tensorflow/tensorflow/releases/tag/v2.9.0
github.com/tensorflow/tensorflow/security/advisories/GHSA-2vv3-56qg-g2cf
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.7%