Bug 1159338 - (CVE-2019-16778) VUL-1: CVE-2019-16778: tensorflow: heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Security
Importance: P4 - Low, Minor
Assigned To: Christian Goll
https://smash.suse.de/issue/249132/
Reported: 2019-12-17 09:05 UTC by Alexandros Toptsoglou
Modified: 2020-05-11 08:15 UTC (History)
Found By: Security Response Team

Description Alexandros Toptsoglou 2019-12-17 09:05:05 UTC
CVE-2019-16778

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be
produced when the Index template argument is int32. In this case data_size and
num_segments fields are truncated from int64 to int32 and can produce negative
numbers, resulting in accessing out of bounds heap memory. This is unlikely to
be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16778
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j
https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md
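The advisory's failure mode is an int64 size being narrowed to an int32 Index without a range check, so values of 2^31 and above wrap negative and later drive heap indexing. The following is an added illustration written for this entry, not TensorFlow's code or the fix commit: it shows the raw truncation beside a checked narrowing, and a toy segment sum (assumed shape: flat float data, one segment id per element) that refuses sizes which do not fit the Index type.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <vector>

// The unchecked pattern: 2^31 narrowed to int32 becomes INT32_MIN.
int32_t TruncateToInt32(int64_t v) { return static_cast<int32_t>(v); }

// Checked narrowing: fails instead of wrapping when `value` is negative
// or larger than Index can represent.
template <typename Index>
bool FitsInIndex(int64_t value, Index* out) {
  const int64_t max = static_cast<int64_t>(std::numeric_limits<Index>::max());
  if (value < 0 || value > max) return false;
  *out = static_cast<Index>(value);
  return true;
}

// Toy unsorted segment sum (hypothetical, modelled on the bug's shape).
// data_size and num_segments are validated before they become Index values,
// so a value that would wrap negative is rejected rather than used as a bound.
template <typename Index>
bool SafeUnsortedSegmentSum(const std::vector<float>& data,
                            const std::vector<int64_t>& segment_ids,
                            int64_t num_segments_in,
                            std::vector<float>* output) {
  Index data_size = 0, num_segments = 0;
  if (!FitsInIndex<Index>(static_cast<int64_t>(data.size()), &data_size) ||
      !FitsInIndex<Index>(num_segments_in, &num_segments)) {
    return false;  // sizes do not fit the Index type: refuse the op
  }
  if (segment_ids.size() != data.size()) return false;
  output->assign(static_cast<size_t>(num_segments), 0.0f);
  for (Index i = 0; i < data_size; ++i) {
    const int64_t s = segment_ids[static_cast<size_t>(i)];
    // Out-of-range ids are skipped rather than written (this example's choice).
    if (s < 0 || s >= static_cast<int64_t>(num_segments)) continue;
    (*output)[static_cast<size_t>(s)] += data[static_cast<size_t>(i)];
  }
  return true;
}
```

With Index = int32_t, a num_segments of 2^31 is rejected up front; with Index = int64_t the same call succeeds, which is the distinction the advisory draws.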
Comment 1 Swamp Workflow Management 2020-03-20 08:40:13 UTC
This is an autogenerated message for OBS integration:
This bug (1159338) was mentioned in
https://build.opensuse.org/request/show/786743 15.2 / tensorflow
Comment 2 Christian Goll 2020-05-11 08:15:35 UTC
Fixed versions are available