Lucene search

K

Veracode Vulnerability DatabaseVERACODE:38159

HistoryNov 22, 2022 - 10:57 a.m.

Denial Of Service (DoS)

2022-11-2210:57:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

tensorflow

vulnerability

denial of service

improper validation

user inputs

dense features

example state data

sdca optimizer

check fail

EPSS

0.001

Percentile

42.0%

tensorflow is vulnerable to denial of service (DoS) attacks. An attacker is able to cause denial of service conditions due to improper validation of user Inputs, dense_features and example_state_data, resulting in a CHECK fail in SdcaOptimizer.

References

github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc

github.com/tensorflow/tensorflow/commit/0c8d0b9783f7863166bafe02b230dd49bdb626fa

github.com/tensorflow/tensorflow/commit/1377b37f0cdfa2dc411d6e7e29a25b0b2e257cfb

github.com/tensorflow/tensorflow/commit/216f90057f230109b9f637d99e8996ef5827fed0

github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa

github.com/tensorflow/tensorflow/pull/58233

github.com/tensorflow/tensorflow/pull/58235

github.com/tensorflow/tensorflow/pull/58236

github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2

EPSS

0.001

Percentile

42.0%

Related for VERACODE:38159

osv3 prion1 cvelist1 github1 nvd1 cbl_mariner1 nessus3 cnvd1 cve1 ibm4