7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
21.7%
tensorflow is vulnerable to denial of service (DoS) attacks. An attacker is able to cause denial of service conditions via providing a large input size
through tf.raw_ops.ResizeNearestNeighborGrad
, causing buffer overflows.
github.com/advisories/GHSA-368v-7v32-52fx
github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc
github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624
github.com/tensorflow/tensorflow/commit/36df7362a299f10df62395915d1c1570783da54b
github.com/tensorflow/tensorflow/commit/5fd09dfa978500839865a1f2d77f5c0fc1a3ab96
github.com/tensorflow/tensorflow/commit/bbe35ceb7ba7932fcfcb0363992ade76a340f8af
github.com/tensorflow/tensorflow/pull/57995
github.com/tensorflow/tensorflow/pull/57996
github.com/tensorflow/tensorflow/pull/57997
github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
21.7%