CVE-2019-16778

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-16778

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16778.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-16778

Aliases

Related

GHSA-844w-j86r-4x2j

Published

2019-12-16T21:15:11.403Z

Modified

2026-04-11T12:42:16.974659Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case datasize and numsegments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type

GIT

Repo

https://github.com/tensorflow/tensorflow

Events

Introduced

07bb8ea2379bd459832b23951fb20ec47f3fdbd4

Fixed

590d6eef7e91a6a7392c8ffffb7b58f2e0c8bc6b

Fixed

db4f9717c41bccc3ce10099ab61996b246099892

Database specific

{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.15.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16778.json"

vanir_signatures

[
    {
        "digest": {
            "length": 587.0,
            "function_hash": "266894416459361751620089497165734716131"
        },
        "id": "CVE-2019-16778-3e415c80",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892",
        "target": {
            "function": "UnsortedSegmentCustomKernel",
            "file": "tensorflow/core/kernels/segment_reduction_ops_gpu.cu.cc"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "6331943894980170858317685863833019921",
                "214045140222777259402560935204409547022",
                "325949159944068704645175937099705523434",
                "217103848399254908549452665988682354306",
                "36609377068039595622747933847199008210",
                "303981863166469280781391800200062441955",
                "135573884173473358802937650600170517754"
            ]
        },
        "id": "CVE-2019-16778-4e560553",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892",
        "target": {
            "file": "tensorflow/core/kernels/segment_reduction_ops.h"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "235808693327189569773861597970002535008",
                "233840798026001491035449614171210650261",
                "297236745294115179364218354575228198905",
                "217103848399254908549452665988682354306",
                "138171583532476712804643446649285637055",
                "131438787052235017093187079144201496341",
                "217587043612413161713395564627822427757",
                "53898417695724250738386203698104109303",
                "231774044929129441942408657734919873581",
                "140085148330711797794822886821193955800",
                "15495048468221142250885038703526623930",
                "224724561869747404585048890080141808440",
                "35978388368913015282323042689977567452",
                "101151445395358462602359746539746681306",
                "307500103657767808926503624762076338352",
                "80536324588068045439065565551699926686",
                "209722453098834018287566370706714234702",
                "83735232936593708566606704657904030171",
                "314847732684356313379879494794964162171",
                "105669561747146498072531413962649791404",
                "172522443652807291382493424283539300604",
                "179629018600915798836450332928215706766",
                "62604986084811498261860577393949968283",
                "28615251482390868241522251138091267201",
                "84524174550741019855421470326922165764",
                "109034631481903650929940682251329303444",
                "143075626819419434934623976388550016838",
                "64740571689536485805738928248049143986",
                "30327033083339852320058392098391597674"
            ]
        },
        "id": "CVE-2019-16778-586ec0b3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892",
        "target": {
            "file": "tensorflow/core/kernels/segment_reduction_ops.cc"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "241834037666819623320381953616657334415",
                "90585862458611126869396751146719075224",
                "284872941290040171933256608605664435682",
                "245293425034819623005819707696611218443",
                "239371226030914074137771114425101515639",
                "111607732684104047069398367905718721602",
                "255157576971051492744535599527380196849",
                "127353723193930900676794857139839437423",
                "270038944708426845955823256494207787275",
                "186210706438643820419605026626225513271",
                "195993372722558603778323033966360693538",
                "128526609872678751648941912773596740388",
                "32042473063003910688910450257822399593",
                "316191027526243402032719468774352395646",
                "23743177690187600005788207380750594215",
                "294443632435942355517383844715153726745",
                "198653707757938920082634171977107565854",
                "25438555418510026969656707757172142427",
                "209584356186833386283873667078455028045",
                "80544102889775894229518500146424714561",
                "117099923301638954517171633816362339360",
                "217103848399254908549452665988682354306",
                "138171583532476712804643446649285637055",
                "291877326891371503454283783598949437601",
                "164966773204095387073122954974107991607",
                "192173673991019347476596747105667313908",
                "319670334364595086588422219931456447943",
                "92539266289901056658407397414959215628",
                "171650989323595829624457831776727401695",
                "327747886273491899192655896882347191672",
                "201095175880604228994003679729554042810",
                "191470641991708592979612823657418492473",
                "70168493943418284232543547624190868968",
                "76017820953141862933367634066537409660",
                "242227575524681261580486205135821626686",
                "335358723786867363265519041459636314861",
                "16070661091722372647900024146014514860",
                "123141785934739425068917517220333006988",
                "152544555879643756162346618460030209319",
                "337318988659652004145975253244355674786"
            ]
        },
        "id": "CVE-2019-16778-658cad4b",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892",
        "target": {
            "file": "tensorflow/core/kernels/segment_reduction_ops_gpu.cu.cc"
        }
    }
]

vanir_signatures_modified

"2026-04-11T12:42:16Z"