CVE-2019-16778

GHSA-844w-j86r-4x2j CRITICAL
Published December 16, 2019

Affected Systems

Package Ecosystem Vulnerable Range Patched
tensorflow pip < 1.15.0 1.15.0
tensorflow pip No patch
tensorflow-cpu pip < 1.15.0 1.15.0
tensorflow-gpu pip < 1.15.0 1.15.0

Severity & Risk

CVSS 3.1
9.8 / 10
EPSS
0.3%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

Patch available

Update tensorflow to version 1.15.0

Update tensorflow-cpu to version 1.15.0

Update tensorflow-gpu to version 1.15.0

Technical Details

NVD Description

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.
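The mechanism the NVD text names is a narrowing conversion: tensor sizes held as int64 are pushed through an int32 Index type, and any value above INT32_MAX comes back negative. The C below is an added example constructed for this page, not TensorFlow's kernel; the names (narrow_to_index, unsigned_in_bounds, sizes_fit_index, unsorted_segment_sum) are hypothetical, and the unsigned-compare bounds check is a common idiom used here to show why a negative limit is dangerous, not a claim about how TensorFlow's check was written. It shows the truncation, the check it defeats, the guard a narrowing call site needs, and a segment-sum model that keeps sizes in int64 with signed comparisons.

```c
#include <stdint.h>
#include <stdio.h>
#include <limits.h>

/* Added example, constructed for this page: a model of the bug class the NVD
 * text describes (int64 sizes narrowed to an int32 Index type). Not
 * TensorFlow's code; all names are hypothetical. */

typedef int32_t Index;   /* the narrow index type, the Index = int32 case */

/* What an implicit int64 -> int32 conversion does on GCC/Clang: keep the low
 * 32 bits and reinterpret them as two's complement. Sizes above INT32_MAX come
 * back negative, and sizes past 2^32 come back as a wrong small positive. */
Index narrow_to_index(int64_t v) {
    return (Index)(uint32_t)v;
}

/* A bounds check written as one unsigned compare (hypothetical idiom). It is
 * correct for limit >= 0, but a negative limit becomes a huge unsigned value
 * and every non-negative index passes. */
int unsigned_in_bounds(Index index, Index limit) {
    return (uint32_t)index < (uint32_t)limit;
}

/* The guard a narrowing call site needs: refuse sizes the Index type cannot
 * represent instead of letting them wrap. Returns 1 if ok, 0 if rejected. */
int sizes_fit_index(int64_t data_size, int64_t num_segments) {
    return data_size >= 0 && data_size <= INT32_MAX &&
           num_segments >= 0 && num_segments <= INT32_MAX;
}

/* Unsorted segment sum with sizes kept in int64 and a signed range check.
 * out must hold num_segments elements. Negative ids are dropped (TensorFlow's
 * documentation says the same for its op). Returns -1 if the sizes do not fit
 * the Index type or an id is out of range, otherwise the number of ids summed. */
int64_t unsorted_segment_sum(const float *data, const Index *segment_ids,
                             int64_t data_size, int64_t num_segments, float *out) {
    if (!sizes_fit_index(data_size, num_segments)) return -1;
    for (int64_t s = 0; s < num_segments; ++s) out[s] = 0.0f;
    int64_t summed = 0;
    for (int64_t i = 0; i < data_size; ++i) {
        Index j = segment_ids[i];
        if (j < 0) continue;
        if ((int64_t)j >= num_segments) return -1;  /* signed compare in int64 */
        out[j] += data[i];
        summed++;
    }
    return summed;
}

int main(void) {
    /* 1. Narrowing: a size just past INT32_MAX becomes negative. */
    int64_t big = (int64_t)INT32_MAX + 1;
    printf("narrow(%lld) = %d\n", (long long)big, narrow_to_index(big));

    /* 2. A negative limit turns the unsigned check into a no-op. */
    printf("index 1000000 passes limit %d: %d\n", narrow_to_index(big),
           unsigned_in_bounds(1000000, narrow_to_index(big)));

    /* 3. The guard rejects the same size before it can be narrowed. */
    printf("sizes_fit_index(8, big) = %d\n", sizes_fit_index(8, big));

    /* 4. Well-formed input through the int64 model (constructed sample). */
    float data[] = {1, 2, 3, 4, 5, 6};
    Index ids[]  = {0, 1, 0, -1, 2, 1};
    float out[3];
    int64_t n = unsorted_segment_sum(data, ids, 6, 3, out);
    printf("summed=%lld out=[%g %g %g]\n", (long long)n, out[0], out[1], out[2]);
    return 0;
}
```

Two points worth keeping from this model when reviewing similar kernels: validate a size in its original width before narrowing it, and compare indices against the un-narrowed bound with signed semantics. Note the tension on this page itself: the NVD text calls the bug unlikely to be exploitable, while the vector below scores it as network-reachable with no privileges or interaction; read the 9.8 as the generic worst case for a heap overflow rather than as evidence of a working exploit.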

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

Published
December 16, 2019
Last Modified
November 21, 2024
First Seen
December 16, 2019