CVE-2019-16778 — Heap-based Buffer Overflow in Tensorflow

CWE-122 — Heap-based Buffer Overflow CWE-681 — Incorrect Conversion between Numeric Types6 documents5 sources

Severity

9.8CRITICALNVD

CNA2.6

EPSS

0.3%

top 44.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Google Tensorflow Intel Optimization FOR Tensorflow

Timeline

PublishedDec 16

Description

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDgoogle/tensorflow1.0.0 — 1.15.0

▶CVEListV5tensorflow/tensorflow< 1.15

▶PyPIintel/optimization_for_tensorflow1.0.0 — 1.15.0+2

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow↗2019-12-16

▶

OSV

Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow↗2019-12-16

▶

GHSA

Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow↗2019-12-16

▶

OSV

CVE-2019-16778: In TensorFlow before 1↗2019-12-16

▶

📋Vendor Advisories

Debian

CVE-2019-16778: tensorflow - In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be p...↗2019

▶