CVE-2018-10055: Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other…

CVE-2018-10055 [HIGH] Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.

CVE-2018-10055 [HIGH] CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.

CVE-2018-10055 CVE-2018-10055: Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1 Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.

CVE-2018-10055 [HIGH] CVE-2018-10055: tensorflow - Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compil... Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file. Scope: local forky: resolved sid: resolved

On managing vulnerabilities in AI/ML systems On managing vulnerabilities in AI/ML systems Jonathan M. Spring jspring AT sei dot cmu dot edu 0000-0001-9356-219X CERT Coordination Center\ Engineering Institute\ Mellon University Pittsburgh PA 15213 April Galyardt Software Engineering Institute\ Mellon University Pittsburgh PA 15213 Allen D. Householder 0000-0001-8970-4108 CERT Coordination Center\ Engineering Institute\ Mellon University Pittsburgh PA 15213 Nathan VanHoudnos Software Engineering Institute\ Mellon University Pittsburgh PA 15213 Spring, Galyardt, Householder, and VanHoudnos ## Abstract This paper explores how the current paradigm of vulnerability management might adapt to include machine learning systems through a thought experiment: what if flaws in *ML were assigned *CVE-ID? We consider both *ML algorithms a