diff options
Diffstat (limited to 'tensorflow/security/advisory/tfsa-2018-004.md')
-rw-r--r-- | tensorflow/security/advisory/tfsa-2018-004.md | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/tensorflow/security/advisory/tfsa-2018-004.md b/tensorflow/security/advisory/tfsa-2018-004.md new file mode 100644 index 0000000000..d172247288 --- /dev/null +++ b/tensorflow/security/advisory/tfsa-2018-004.md @@ -0,0 +1,35 @@ +## TFSA-2018-004: Checkpoint Meta File Out-of-Bounds Read + +### CVE Number + +CVE-2018-7575 + +### Issue Description + +The block size in meta file might contain a large int64 value which causes +an integer overflow upon addition. Subsequent code using n as index may cause +an out-of-bounds read. + +### Impact + +A maliciously crafted meta checkpoint could be used to cause the TensorFlow +process to perform an out of bounds read on in process memory. + +### Vulnerable Versions + +TensorFlow 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0, 1.7.0 + +### Mitigation + +We have patched the vulnerability in GitHub commit +[https://github.com/tensorflow/tensorflow/commit/d107fee1e4a9a4462f01564798d345802acc2aef](d107fee1). +If users are running TensorFlow on untrusted meta checkpoints, such as those +downloaded from the Internet, in production or on untrusted data, they are +encouraged to apply this patch. + +Additionally, we have released TensorFlow version 1.7.1 to mitigate this +vulnerability. + +### Credits + +This issue was discovered by the Blade Team of Tencent. |