A vulnerability was found in Google TensorFlow up to 2.5.0 (Artificial Intelligence Software) and classified as critical. Affected by this issue is the function C.TF_TString_Dealloc of the component Garbage Collection Handler. Upgrading to version 2.5.1 or 2.6.0 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
Google TensorFlow up to 2.5.0 Garbage Collection C.TF_TString_Dealloc memory corruption
- Virtual Patching
- August 13, 2021
- 6:04 am
- Virtual Patching
- August 13, 2021
- 6:04 am
Common Vulnerabilityies and Exposures
Contact us to get started
CVE-2023-33553 : PLANET WDRT-1800AX 1.01-CP2 COOKIE LOGINSTATUS IMPROPER AUTHENTICATION
Description An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation
CVE-2023-20887 : VMWARE ARIA OPERATIONS FOR NETWORKS 6.X COMMAND INJECTION
Description Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations
CVE-2023-29632 : JMSPAGEBUILDER 3.X ON PRESTASHOP AJAX_JMSPAGEBUILDER.PHP SQL INJECTION
Description PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. References https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmspagebuilder.html For More Information MITRE