Veracode Vulnerability DatabaseVERACODE:38173Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
44.1%
tensorflow is vulnerable to denial of service. The vulnerability is due to the DynamicStitch operation in the FingerprintCat128 function of execute.cc, which does not properly match the op input sizes, allowing an attacker to crash the application.
References
github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/dynamic_stitch_op.cc
github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/data_flow_ops.cc
github.com/tensorflow/tensorflow/commit/1bd22f0f9a64a92554eae8b0579f92479df8d006
github.com/tensorflow/tensorflow/commit/8d24586b15afa963e93b85705fd153e24197b893
github.com/tensorflow/tensorflow/commit/f5381e0e10b5a61344109c1b7c174c68110f7629
github.com/tensorflow/tensorflow/commit/fff989eab57a66970fff8e05956f320c9310917d
github.com/tensorflow/tensorflow/pull/58056
github.com/tensorflow/tensorflow/pull/58058
github.com/tensorflow/tensorflow/pull/58059
github.com/tensorflow/tensorflow/security/advisories/GHSA-w58w-79xv-6vcj
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
44.1%