漏洞标题
TensorFlow Lite中的`scatter_nd`操作中的越界写入
漏洞描述信息
TensorFlow Lite中的`scatter_nd`操作越界写入
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Out of bounds write in `scatter_nd` op in TensorFlow Lite
漏洞描述信息
TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
漏洞类别
跨界内存写
漏洞标题
Google TensorFlow 缓冲区错误漏洞
漏洞描述信息
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 Google TensorFlow 存在缓冲区错误漏洞,该漏洞源于 ScatterNd 函数接受一个输入参数,该参数确定输出张量的索引。大于输出张量或小于零的输入索引将在错误的索引处写入内容或触发崩溃。该漏洞将在 2.10.0 版本, 2.9.1 版本, 2.8.1 版本, 2.7.2 版本中得到修复。
CVSS信息
N/A
漏洞类别
缓冲区错误