CVE-2018-21233 — Out-of-bounds Read in Google Tensorflow

CWE-125 — Out-of-bounds Read6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 67.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Tensorflow Intel Optimization FOR Tensorflow

Timeline

PublishedMay 4

Latest updateMay 13

Description

TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDgoogle/tensorflow< 1.7.0

▶PyPIintel/optimization_for_tensorflow< 1.7.0+1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.↗2020-05-13

▶

GHSA

Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.↗2020-05-13

▶

OSV

CVE-2018-21233: TensorFlow before 1↗2020-05-04

▶

CVEList

CVE-2018-21233: TensorFlow before 1↗2020-05-04

▶

📋Vendor Advisories

Debian

CVE-2018-21233: tensorflow - TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds rea...↗2018

▶