CVE-2025-0649Stack-based Buffer Overflow in Google Tensorflow

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
8.9HIGHNVD
EPSS
0.1%
top 65.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google TensorflowGoogle Tensorflow Serving
Timeline
PublishedMay 6

Description

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Packages2 packages

CVEListV5google/tensorflow2.18.0

Patches

Patch: github.com

🔴Vulnerability Details

3
OSV
CVE-2025-0649: Incorrect JSON input stringification in Google's Tensorflow serving versions up to 22025-05-06
GHSA
GHSA-h488-5g2w-vhxr: Incorrect JSON input stringification in Google's Tensorflow serving versions up to 22025-05-06
CVEList
Stack Exhaustion In Tensorflow Serving2025-05-06
CVE-2025-0649 — Stack-based Buffer Overflow in Google | cvebase