CVE-2018-7577 — Improper Input Validation in Google Tensorflow

CWE-20 — Improper Input Validation6 documents5 sources

Severity

8.1HIGHNVD

EPSS

0.2%

top 62.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Tensorflow Intel Optimization FOR Tensorflow Google Snappy

Timeline

PublishedApr 24

Latest updateApr 30

Description

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶NVDgoogle/tensorflow< 1.7.1

▶NVDgoogle/snappy1.1.4

▶PyPIintel/optimization_for_tensorflow1.1.0 — 1.7.1+1

🔴Vulnerability Details

OSV

Improper Input Validation in Google TensorFlow↗2019-04-30

▶

GHSA

Improper Input Validation in Google TensorFlow↗2019-04-30

▶

OSV

CVE-2018-7577: Memcpy parameter overlap in Google Snappy library 1↗2019-04-24

▶

CVEList

CVE-2018-7577: Memcpy parameter overlap in Google Snappy library 1↗2019-04-24

▶

📋Vendor Advisories

Debian

CVE-2018-7577: tensorflow - Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google Tenso...↗2018

▶