Bug 1171151 - (CVE-2018-21233) VUL-1: CVE-2018-21233: tensorflow: out-of-bounds read due to an integer overflow may leak memory contents
(CVE-2018-21233)
VUL-1: CVE-2018-21233: tensorflow: out-of-bounds read due to an integer overf...
Status: RESOLVED INVALID
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.1
Other Other
: P5 - None : Minor (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/259006/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-05-05 08:37 UTC by Alexandros Toptsoglou
Modified: 2020-05-05 08:38 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2020-05-05 08:37:08 UTC
CVE-2018-21233

TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds
read, possibly causing disclosure of the contents of process memory. This occurs
in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-21233
https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21233
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md
Comment 1 Alexandros Toptsoglou 2020-05-05 08:38:08 UTC
Factory and Leap 15.2 are not affected since the version that they ship contains the fix.