GHSA-q492-f7gr-27rp

Suggest an improvement
Source
https://github.com/advisories/GHSA-q492-f7gr-27rp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-q492-f7gr-27rp/GHSA-q492-f7gr-27rp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q492-f7gr-27rp
Aliases
Published
2019-04-30T15:37:31Z
Modified
2024-02-16T08:18:32.533608Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
Details

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.

References

Affected packages

PyPI / tensorflow

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1.0
Fixed
1.7.1

Affected versions

1.*

1.1.0
1.2.0
1.2.1
1.3.0
1.4.0
1.4.1
1.5.0
1.5.1
1.6.0
1.7.0