{"id":"GHSA-q492-f7gr-27rp","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow","details":"Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.","aliases":["CVE-2018-10055","PYSEC-2019-204","PYSEC-2019-222","PYSEC-2019-229"],"modified":"2024-10-28T14:34:46.932897Z","published":"2019-04-30T15:37:31Z","database_specific":{"nvd_published_at":"2019-04-24T17:29:00Z","github_reviewed_at":"2019-04-30T15:15:53Z","github_reviewed":true,"cwe_ids":["CWE-119"],"severity":"HIGH"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10055"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/commit/c89ab82a82585cdaa90bf4911980e9e845909e78"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-q492-f7gr-27rp"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-222.yaml"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-229.yaml"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-204.yaml"},{"type":"PACKAGE","url":"https://github.com/tensorflow/tensorflow"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-006.md"}],"affected":[{"package":{"name":"tensorflow","ecosystem":"PyPI","purl":"pkg:pypi/tensorflow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.1.0"},{"fixed":"1.7.1"}]}],"versions":["1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-q492-f7gr-27rp/GHSA-q492-f7gr-27rp.json"}},{"package":{"name":"tensorflow-gpu","ecosystem":"PyPI","purl":"pkg:pypi/tensorflow-gpu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.1.0"},{"fixed":"1.7.1"}]}],"versions":["1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-q492-f7gr-27rp/GHSA-q492-f7gr-27rp.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"}]}