Veracode Vulnerability DatabaseVERACODE:38137Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
44.0%
tensorflow is vulnerable to denial of service. The vulnerability exists in the BinaryFunctor function of cwise_ops_common.h due to a size mismatch during broadcast assignment which allows an attacker to cause an application crash by providing malicious input.
References
github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h
github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py
github.com/tensorflow/tensorflow/commit/0552149997f87278ee4862ab777960b8f8af88a5
github.com/tensorflow/tensorflow/commit/6a8d8997da7cbd503478998666f8397839a55ee8
github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c
github.com/tensorflow/tensorflow/pull/58249
github.com/tensorflow/tensorflow/pull/58250
github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
44.0%