Out-of-bounds write in TensorFlow - CVE-2019-16778
Published: December 16, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30549
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-16778
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: TensorFlow
Affected software:
TensorFlow
TensorFlow
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.
How to mitigate CVE-2019-16778
Install update from vendor's website.