CVE-2024-8375: TensorFlow Unvalidated Proto Conversion
greprules fetch cve-2024-8375-tensorflow-unvalidated-proto-conversion --engine opengrep
Description
A TensorFlow Tensor is serialized or deserialized without first validating its data type via a dedicated function check. Processing untrusted types like `DT_VARIANT` and `DT_RESOURCE` can lead to a use-after-free during unpacking because the underlying instances may be improperly initialized, allowing attackers to overwrite vtables and achieve RCE. Ensure the `
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided