Lucene search

Veracode Vulnerability DatabaseVERACODE:37209

HistorySep 21, 2022 - 3:25 a.m.

Denial Of Service (DoS)

2022-09-2103:25:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

vulnerability

tensorflow

searchsorted_op.cc

malicious input

application crash

EPSS

0.001

Percentile

35.2%

JSON

tensorflow is vulnerable to denial of service. The vulnerability exists in the multiple functions in searchsorted_op.cc due to an empty sorted_inputs which allows an attacker to cause an application crash by providing malicious input.

References

github.com/advisories/GHSA-qxpx-j395-pw36

github.com/tensorflow/tensorflow/commit/9b3f2fb37457ff62340293b0813714b09eebcab0

github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea

github.com/tensorflow/tensorflow/commit/e642bcc4f8186a60b3eff8830444f02d2e949983

github.com/tensorflow/tensorflow/commit/f1a74b3fcfd6ad99bb6a3a2e70abeea47e609d77

github.com/tensorflow/tensorflow/pull/57258

github.com/tensorflow/tensorflow/pull/57418

github.com/tensorflow/tensorflow/pull/57419

github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36

EPSS

0.001

Percentile

35.2%

JSON

Related for VERACODE:37209