漏洞标题
Tensorflow中的内存用尽
漏洞描述信息
在TensorFlow中出现内存耗尽的情况
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
Memory exhaustion in Tensorflow
漏洞描述信息
Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and that result in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
漏洞类别
N/A
漏洞标题
Google TensorFlow 输入验证错误漏洞
漏洞描述信息
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 Tensorflow 存在安全漏洞,该漏洞源于StringNGrams的实现可用于在整数溢出后导致内存不足的情况,从而触发拒绝服务攻击。
CVSS信息
N/A
漏洞类别
输入验证错误