{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45828?format=json","vulnerability_id":"VCID-pykv-y1x7-ykg5","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nImproper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.","aliases":[{"alias":"CVE-2023-27506"},{"alias":"GHSA-m2f8-v8q4-3m59"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66540?format=json","purl":"pkg:pypi/intel-tensorflow@2.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/intel-tensorflow@2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/66543?format=json","purl":"pkg:pypi/intel-tensorflow-avx512@2.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/intel-tensorflow-avx512@2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/66539?format=json","purl":"pkg:pypi/tensorflow-intel@2.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-intel@2.12"}],"affected_packages":[],"references":[{"reference_url":"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27506","reference_id":"CVE-2023-27506","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27506"},{"reference_url":"https://github.com/advisories/GHSA-m2f8-v8q4-3m59","reference_id":"GHSA-m2f8-v8q4-3m59","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m2f8-v8q4-3m59"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":119,"name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","description":"The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pykv-y1x7-ykg5"}