CVE-2019-16778
Vulnerability from cvelistv5
Published
2019-12-16 20:15
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
0.33%
(0.5252)
Summary
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Version: < 1.15 < 1.15 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:24:48.540Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tensorflow", vendor: "tensorflow", versions: [ { lessThan: "1.15", status: "affected", version: "< 1.15", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-16T20:15:14", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md", }, ], source: { advisory: "GHSA-844w-j86r-4x2j", discovery: "UNKNOWN", }, title: "Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2019-16778", STATE: "PUBLIC", TITLE: "Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "tensorflow", version: { version_data: [ { version_affected: "<", version_name: "< 1.15", version_value: "1.15", }, ], }, }, ], }, vendor_name: "tensorflow", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-122 Heap-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j", refsource: "CONFIRM", url: "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j", }, { name: "https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892", refsource: "MISC", url: "https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892", }, { name: "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md", refsource: "MISC", url: "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md", }, ], }, source: { advisory: "GHSA-844w-j86r-4x2j", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2019-16778", datePublished: "2019-12-16T20:15:14", dateReserved: "2019-09-24T00:00:00", dateUpdated: "2024-08-05T01:24:48.540Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2019-16778\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2019-12-16T21:15:11.403\",\"lastModified\":\"2024-11-21T04:31:10.367\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.\"},{\"lang\":\"es\",\"value\":\"En TensorFlow versiones anteriores a 1.15, un desbordamiento de búfer de la pila puede ser producido en la función UnsortedSegmentSum cuando el argumento de la plantilla Index es int32. En este caso, los campos data_size y num_segments son truncados de int64 hasta int32 y pueden producir números negativos, resultando en el acceso a la memoria de la pila fuera de los límites. Es poco probable que sea explotable y se detectó y reparó internamente en TensorFlow versiones 1.15 y 2.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L\",\"baseScore\":2.6,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-681\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndExcluding\":\"1.15.0\",\"matchCriteriaId\":\"4E5F862F-CC11-42FE-ABC5-AA63A003E6FF\"}]}]}],\"references\":[{\"url\":\"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.