Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory. · CVE-2018-21233 · GitHub Advisory Database · GitHub

Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.

Moderate severity GitHub Reviewed Published May 13, 2020 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

tensorflow (pip)

Affected versions

< 1.7.0

Patched versions

1.7.0

Description

TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.

References

Reviewed May 13, 2020

Published to the GitHub Advisory Database May 13, 2020

Last updated Jan 9, 2023

Severity

Moderate

6.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N