-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability manifests in RangeSize's calculation logic for integral types. The pre-patch code computes size using arithmetic operations that might overflow before the subsequent validation check. The critical issues are: 1) Intermediate values in the size calculation could exceed int64_t limits, 2) The overflow check occurs after potentially overflowing operations. The patch replaces this with Eigen::divup with explicit int64_t casting, demonstrating the original code's vulnerability to integer overflow during size computation.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | < 2.7.2 | 2.7.2 |
| tensorflow | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow | pip | >= 2.9.0, < 2.9.1 | 2.9.1 |
| tensorflow-cpu | pip | < 2.7.2 | 2.7.2 |
| tensorflow-cpu | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-cpu | pip | >= 2.9.0, < 2.9.1 | 2.9.1 |
| tensorflow-gpu | pip | < 2.7.2 | 2.7.2 |
| tensorflow-gpu | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-gpu | pip | >= 2.9.0, < 2.9.1 | 2.9.1 |
PythonPython