漏洞标题
整数溢出在Tensorflow中
漏洞描述信息
Tensorflow中的整数溢出
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
漏洞类别
N/A
漏洞标题
Integer overflow in Tensorflow
漏洞描述信息
Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞类别
整数溢出或超界折返
漏洞标题
Google TensorFlow 输入验证错误漏洞
漏洞描述信息
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 Tensorflow 存在输入验证错误漏洞,攻击者可利用该漏洞创建一个包含足够多元素的张量的操作,那么 OpLevelCostEstimator::CalculateTensorSize 的实现很容易出现整数溢出。
CVSS信息
N/A
漏洞类别
输入验证错误