CVE-2018-21233
Published 2020-05-04
Medium 6.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tensorflow | — | — |
| | tensorflow | < 1.7.0 | 1.7.0 |
| intel | optimization_for_tensorflow | >= 0 < 1.7.0 | 1.7.0 |
| intel | optimization_for_tensorflow | >= 0 < 49f73c55d56edffebde4bca4a407ad69c1cae433 | 49f73c55d56edffebde4bca4a407ad69c1cae433 |
Debian
vendor_debian·2018·CVSS 6.5
CVE-2018-21233 [MEDIUM] CVE-2018-21233: tensorflow - TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds rea...
Scope: local
forky: resolved
sid: resolved
OSV
Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.
osv·2020-05-13
CVE-2018-21233 [HIGH] Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.
GHSA
Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.
ghsa·2020-05-13
CVE-2018-21233 [HIGH] CWE-125 Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.
OSV
CVE-2018-21233: TensorFlow before 1
osv·2020-05-04
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md
https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433