Bug 1159338 (CVE-2019-16778)

Summary: VUL-1: CVE-2019-16778: tensorflow: heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32
Product: [openSUSE] openSUSE Tumbleweed
Reporter: Alexandros Toptsoglou <atoptsoglou>
Component: Security
Assignee: Christian Goll <cgoll>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: guillaume.gardet
Version: Current
Target Milestone: Current
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/249132/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexandros Toptsoglou 2019-12-17 09:05:05 UTC
CVE-2019-16778

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be
produced when the Index template argument is int32. In this case data_size and
num_segments fields are truncated from int64 to int32 and can produce negative
numbers, resulting in accessing out of bounds heap memory. This is unlikely to
be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16778
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j
https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md
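
The truncation described above, as an added C++ example that is not part of this bug report and is not TensorFlow's code: an int64 size forced into an int32 `Index` turns negative, and a checked narrowing plus a per-write bounds check rejects it. `TruncatingNarrow`, `CheckedNarrow` and `SegmentSum` are hypothetical names, and the segment sum is a simplified 1-D sketch with constructed inputs.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// The truncation from the description: an int64 size forced into Index.
template <typename Index>
Index TruncatingNarrow(int64_t v) { return static_cast<Index>(v); }

// Hardened form: succeed only if v is non-negative and representable in Index.
template <typename Index>
bool CheckedNarrow(int64_t v, Index* out) {
  if (v < 0 || v > static_cast<int64_t>(std::numeric_limits<Index>::max()))
    return false;
  *out = static_cast<Index>(v);
  return true;
}

// Simplified 1-D segment sum (hypothetical sketch, not TensorFlow's kernel).
// Returns false instead of touching memory when a size does not fit Index
// or a segment id falls outside [0, num_segments).
template <typename Index>
bool SegmentSum(const std::vector<float>& data,
                const std::vector<Index>& segment_ids,
                int64_t num_segments, std::vector<float>* out) {
  Index n = 0, segs = 0;
  if (data.size() != segment_ids.size() ||
      !CheckedNarrow<Index>(static_cast<int64_t>(data.size()), &n) ||
      !CheckedNarrow<Index>(num_segments, &segs))
    return false;
  out->assign(static_cast<size_t>(segs), 0.0f);
  for (Index i = 0; i < n; ++i) {
    const Index id = segment_ids[static_cast<size_t>(i)];
    if (id < 0 || id >= segs) return false;  // bounds check before every write
    (*out)[static_cast<size_t>(id)] += data[static_cast<size_t>(i)];
  }
  return true;
}

int main() {
  const int64_t big = 3000000000LL;  // constructed value larger than INT32_MAX
  std::printf("truncated: %d\n", TruncatingNarrow<int32_t>(big));
  std::vector<float> out;
  const std::vector<float> data = {1.0f, 2.0f, 3.0f};
  const std::vector<int32_t> ids = {0, 2, 0};
  std::printf("oversized accepted: %d\n", SegmentSum<int32_t>(data, ids, big, &out));
  return 0;
}
```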

Comment 1 Swamp Workflow Management 2020-03-20 08:40:13 UTC
This is an autogenerated message for OBS integration:
This bug (1159338) was mentioned in
https://build.opensuse.org/request/show/786743 15.2 / tensorflow

Comment 2 Christian Goll 2020-05-11 08:15:35 UTC
Fixed versions are available