Veracode Vulnerability DatabaseVERACODE:38162Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
21.7%
tensorflow is vulnerable to denial of service (DoS) attacks. An attacker is able to cause denial of service conditions via providing a large input size through tf.raw_ops.ResizeNearestNeighborGrad, causing buffer overflows.
References
github.com/advisories/GHSA-368v-7v32-52fx
github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc
github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624
github.com/tensorflow/tensorflow/commit/36df7362a299f10df62395915d1c1570783da54b
github.com/tensorflow/tensorflow/commit/5fd09dfa978500839865a1f2d77f5c0fc1a3ab96
github.com/tensorflow/tensorflow/commit/bbe35ceb7ba7932fcfcb0363992ade76a340f8af
github.com/tensorflow/tensorflow/pull/57995
github.com/tensorflow/tensorflow/pull/57996
github.com/tensorflow/tensorflow/pull/57997
github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
21.7%