{"data":{"id":"9789f290-2ea3-4d33-bda9-58fd668c1bed","title":"CVE-2019-16778: In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument","summary":"TensorFlow versions before 1.15 had a heap buffer overflow (a type of memory access bug where a program writes beyond the boundaries of allocated memory) in the UnsortedSegmentSum function when using 32-bit integers, causing some large numbers to be incorrectly converted to negative values and leading to out-of-bounds memory access. The vulnerability was considered unlikely to be exploitable and was fixed internally in TensorFlow 1.15 and 2.0.","solution":"Update to TensorFlow 1.15 or 2.0, as the vulnerability was \"detected and fixed internally in TensorFlow 1.15 and 2.0.\"","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2019-16778","publishedAt":"2019-12-17T02:15:11.403Z","cveId":"CVE-2019-16778","cweIds":["CWE-122","CWE-681"],"cvssScore":"2.6","cvssSeverity":"low","severity":"low","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00325,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}