Out-of-bounds Read Affecting tensorflow package, versions [,2.7.2) [2.8.0,2.8.1) [2.9.0,2.9.1)


0.0
high
  • Attack Complexity

    High

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-PYTHON-TENSORFLOW-3026979

  • published

    18 Sep 2022

  • disclosed

    18 Sep 2022

  • credit

    Hui Peng

How to fix?

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

Overview

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read via the GatherNd function, when the given inputs to the function are greater than or equal to the sizes of the outputs.