Veracode Vulnerability DatabaseVERACODE:37211Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.0005 Low
EPSS
Percentile
15.5%
tensorflow is vulnerable to denial of service. The vulnerability exists because the output_shape.AddDim function of avgpooling_op.cc does not properly check the ksize arguments, allowing an attacker to crash the application through the check failure
References
github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98
github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f
github.com/tensorflow/tensorflow/commit/86106fa653ade0dba77ff2029a3f3ffaeb8b8fbd
github.com/tensorflow/tensorflow/commit/e2c448fddfde7820dd530e84edf8152acb77efdc
github.com/tensorflow/tensorflow/commit/f322d33ed26f78b0ba242c90cf00d047e253c072
github.com/tensorflow/tensorflow/pull/57259
github.com/tensorflow/tensorflow/pull/57260
github.com/tensorflow/tensorflow/pull/57261
github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.0005 Low
EPSS
Percentile
15.5%