-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from missing lower-bound validation (pooling_ratio >=1) in the core pooling operations. The commit diff shows critical validation was added in both fractional_avg_pool_op.cc and fractional_max_pool_op.cc constructors, and the CVE description explicitly identifies these two ops. The pre-patch code only checked pooling_ratio <= input_size but didn't prevent ratios <1, which would invert the size calculation logic and cause invalid memory access.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | < 2.8.4 | 2.8.4 |
| tensorflow | pip | >= 2.9.0, < 2.9.3 | 2.9.3 |
| tensorflow | pip | >= 2.10.0, < 2.10.1 | 2.10.1 |
| tensorflow-cpu | pip | < 2.8.4 | 2.8.4 |
| tensorflow-gpu | pip | < 2.8.4 | 2.8.4 |
| tensorflow-cpu | pip | >= 2.9.0, < 2.9.3 | 2.9.3 |
| tensorflow-gpu | pip | >= 2.9.0, < 2.9.3 | 2.9.3 |
| tensorflow-cpu | pip | >= 2.10.0, < 2.10.1 | 2.10.1 |
| tensorflow-gpu | pip | >= 2.10.0, < 2.10.1 | 2.10.1 |
PythonPythonKEV Misses 88% of Exploited CVEs- Get the report