CVE-2018-8825: Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
8.8
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.47773%
CWE
Published
4/24/2019
Updated
10/28/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
tensorflow | pip | >= 1.5.0, < 1.7.1 | 1.7.1 |
tensorflow-gpu | pip | >= 1.5.0, < 1.7.1 | 1.7.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from insufficient FlatBuffer validation in TOCO. The patch added critical checks in 4 key areas: 1) import.cc
verification was strengthened by using tflite::Verify
instead of a weak custom check. 2) verifier.cc
gained buffer existence checks (model->buffers()
), 3) operator input/output validation, and 4) operator code range validation. These missing pre-patch checks directly enabled buffer overflows through malformed TFLite graphs, as confirmed by the CVE description and patch diffs showing added validation logic.