CVE-2022-23559 - Vulnerability Details - OpenCVE

ReportizFlow

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Google	Tensorflow

Configuration 1 [-]

OR	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow:2.7.0:::::::*

No data.

References

Link	Providers
https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189
https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043
https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4
https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5

History

Tue, 22 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-02-04T22:32:37.000Z

Updated: 2025-04-22T18:23:20.273Z

Reserved: 2022-01-19T00:00:00.000Z

Link: CVE-2022-23559

Vulnrichment

Updated: 2024-08-03T03:43:46.566Z

NVD

Status : Modified

Published: 2022-02-04T23:15:13.673

Modified: 2024-11-21T06:48:48.760

Link: CVE-2022-23559

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "tensorflow", "vendor": "tensorflow", "versions": [{"status": "affected", "version": ">= 2.7.0, < 2.7.1"}, {"status": "affected", "version": ">= 2.6.0, < 2.6.3"}, {"status": "affected", "version": "< 2.5.3"}]}], "descriptions": [{"lang": "en", "value": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-04T22:32:37.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189"}], "source": {"advisory": "GHSA-98p5-x8x4-c9m5", "discovery": "UNKNOWN"}, "title": "Integer overflow in TFLite", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2022-23559", "STATE": "PUBLIC", "TITLE": "Integer overflow in TFLite"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "tensorflow", "version": {"version_data": [{"version_value": ">= 2.7.0, < 2.7.1"}, {"version_value": ">= 2.6.0, < 2.6.3"}, {"version_value": "< 2.5.3"}]}}]}, "vendor_name": "tensorflow"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-190: Integer Overflow or Wraparound"}]}]}, "references": {"reference_data": [{"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5"}, {"name": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043"}, {"name": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4"}, {"name": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01"}, {"name": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189"}]}, "source": {"advisory": "GHSA-98p5-x8x4-c9m5", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.566Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T15:44:41.212287Z", "id": "CVE-2022-23559", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T18:23:20.273Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23559", "datePublished": "2022-02-04T22:32:37.000Z", "dateReserved": "2022-01-19T00:00:00.000Z", "dateUpdated": "2025-04-22T18:23:20.273Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.566Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-23559", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-22T15:44:41.212287Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:44:42.850Z"}}], "cna": {"title": "Integer overflow in TFLite", "source": {"advisory": "GHSA-98p5-x8x4-c9m5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "tensorflow", "product": "tensorflow", "versions": [{"status": "affected", "version": ">= 2.7.0, < 2.7.1"}, {"status": "affected", "version": ">= 2.6.0, < 2.6.3"}, {"status": "affected", "version": "< 2.5.3"}]}], "references": [{"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-02-04T22:32:37.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, "source": {"advisory": "GHSA-98p5-x8x4-c9m5", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": ">= 2.7.0, < 2.7.1"}, {"version_value": ">= 2.6.0, < 2.6.3"}, {"version_value": "< 2.5.3"}]}, "product_name": "tensorflow"}]}, "vendor_name": "tensorflow"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", "refsource": "CONFIRM"}, {"url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043", "name": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043", "refsource": "MISC"}, {"url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4", "name": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4", "refsource": "MISC"}, {"url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01", "name": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01", "refsource": "MISC"}, {"url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189", "name": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-190: Integer Overflow or Wraparound"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-23559", "STATE": "PUBLIC", "TITLE": "Integer overflow in TFLite", "ASSIGNER": "[email protected]"}}}}, "cveMetadata": {"cveId": "CVE-2022-23559", "state": "PUBLISHED", "dateUpdated": "2025-04-22T18:23:20.273Z", "dateReserved": "2022-01-19T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-02-04T22:32:37.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "688150BF-477C-48FC-9AEF-A79AC57A6DDC", "versionEndIncluding": "2.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9E69B60-8C97-47E2-9027-9598B8392E5D", "versionEndIncluding": "2.6.2", "versionStartIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EDFAAB8-799C-4259-9102-944D4760DA2C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version."}, {"lang": "es", "value": "Tensorflow es un Marco de Aprendizaje Autom\u00e1tico de C\u00f3digo Abierto. Un atacante puede dise\u00f1ar un modelo TFLite que cause un desbordamiento de enteros en las operaciones de b\u00fasqueda de inserci\u00f3n. Tanto \"embedding_size\" como \"lookup_size\" son productos de valores proporcionados por el usuario. Por lo tanto, un usuario malicioso podr\u00eda desencadenar desbordamientos en la multiplicaci\u00f3n. En determinados escenarios, esto puede resultar en una lectura/escritura de OOB de la pila. Se aconseja a usuarios que actualicen a una versi\u00f3n parcheada"}], "id": "CVE-2022-23559", "lastModified": "2024-11-21T06:48:48.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-02-04T23:15:13.673", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "[email protected]", "type": "Primary"}]}