| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | < 2.8.4 | 2.8.4 |
| tensorflow-cpu | pip | >= 2.9.0, < 2.9.3 | 2.9.3 |
| tensorflow-gpu | pip | >= 2.10.0, < 2.10.1 | 2.10.1 |
| tensorflow | pip | >= 2.9.0, < 2.9.3 | 2.9.3 |
| tensorflow | pip | >= 2.10.0, < 2.10.1 | 2.10.1 |
| tensorflow-cpu | pip | < 2.8.4 | 2.8.4 |
| tensorflow-gpu | pip | < 2.8.4 | 2.8.4 |
| tensorflow-gpu | pip | >= 2.9.0, < 2.9.3 | 2.9.3 |
| tensorflow-cpu | pip | >= 2.10.0, < 2.10.1 | 2.10.1 |

The vulnerability stems from an unsafe char-to-bool conversion in the tensor printing logic. The original implementation of `SummarizeArray<bool>` (template specialization) cast the `char*` storage directly to `bool*` with `reinterpret_cast`, without validation. This violates the C++ requirement that a bool must be 0 or 1, causing sanitizer crashes. The patch adds a dedicated bool specialization that sanitizes char values to 0/1 before conversion, confirming this was the vulnerable code path. The file location and function are explicitly shown in the commit diff.
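
The conversion described above, as an added illustration that is not TensorFlow's code or the patch itself: the unvalidated cast is shown beside a sanitized reader. The function names, the sample bytes, and the choice to map any non-zero byte to 1 are assumptions made for this example.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Constructed sample: raw tensor bytes; 2 and 0xFF are not valid bool values.
const char kSample[] = {0, 1, 2, static_cast<char>(0xFF), 0};

// Pattern described above, shown for contrast and never called here:
// viewing the bytes as bool is undefined behaviour when a byte is not 0 or 1.
std::string SummarizeBoolUnsafe(const char* data, std::size_t n) {
  const bool* b = reinterpret_cast<const bool*>(data);
  std::string out;
  for (std::size_t i = 0; i < n; ++i) {
    if (i > 0) out += ' ';
    out += b[i] ? '1' : '0';
  }
  return out;
}

// Hardened form (hypothetical name): read each byte as unsigned char and
// normalise it to 0 or 1 before it is ever treated as a bool.
std::string SummarizeBoolSafe(const char* data, std::size_t n) {
  std::string out;
  for (std::size_t i = 0; i < n; ++i) {
    if (i > 0) out += ' ';
    const bool v = static_cast<unsigned char>(data[i]) != 0;
    out += v ? '1' : '0';
  }
  return out;
}

// Check helper (hypothetical name): counts bytes that are invalid as bool,
// useful for flagging malformed input before it reaches printing code.
std::size_t CountNonCanonical(const char* data, std::size_t n) {
  std::size_t bad = 0;
  for (std::size_t i = 0; i < n; ++i) {
    if (static_cast<unsigned char>(data[i]) > 1) ++bad;
  }
  return bad;
}

int main() {
  std::cout << SummarizeBoolSafe(kSample, sizeof kSample) << "\n";
  std::cout << CountNonCanonical(kSample, sizeof kSample) << " non-canonical byte(s)\n";
  return 0;
}
```

Building the unsafe variant with `-fsanitize=undefined` and feeding it non-0/1 bytes is how this class of defect surfaces as an invalid bool load.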