Published April 23, 2019
Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| tensorflow | pip | >= 1.5.0, < 1.7.1 | 1.7.1 |
| tensorflow | pip | — | No patch |
| tensorflow-gpu | pip | >= 1.5.0, < 1.7.1 | 1.7.1 |
Severity & Risk
- CVSS 3.1: 8.8 / 10
- EPSS: 0.2% chance of exploitation in 30 days
- KEV Status: Not in KEV
- Sophistication: N/A
Recommended Action
Patch available:
- Update tensorflow to version 1.7.1
- Update tensorflow-gpu to version 1.7.1
Technical Details
NVD Description
Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).
Weaknesses (CWE)
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
- github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-003.md Patch 3rd Party
- github.com/advisories/GHSA-frxx-2m33-6wcr
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-226.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-233.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-208.yaml
- github.com/tensorflow/tensorflow/commit/41335abb46f80ca644b5738550daef6136ba5476
- github.com/tensorflow/tensorflow/commit/8badd11d875a826bd318ed439909d5c47a7fb811
- nvd.nist.gov/vuln/detail/CVE-2018-8825
Timeline
- Published: April 23, 2019
- Last Modified: November 21, 2024
- First Seen: April 23, 2019