CVE-2025-0649

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.

CVSS

No CVSS.

References

Link	Resource
https://github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf

Configurations

No configuration.

History

07 May 2025, 14:13

Type	Values Removed	Values Added
Summary		(es) La cadena de entrada JSON incorrecta en las versiones de servicio de Tensorflow de Google hasta la 2.18.0 permite una recursión potencialmente ilimitada que puede provocar un bloqueo del servidor.

06 May 2025, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-06 21:16

Updated : 2025-05-07 14:13

NVD link : CVE-2025-0649

Mitre link : CVE-2025-0649

CVE.ORG link : CVE-2025-0649

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2025-0649", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-06T21:16:17.880", "references": [{"url": "https://github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf", "source": "cve-coordination@google.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Incorrect JSON input stringification\u00a0in Google's Tensorflow serving versions up to\u00a02.18.0\u00a0allows for\u00a0potentially unbounded recursion leading to server crash."}, {"lang": "es", "value": "La cadena de entrada JSON incorrecta en las versiones de servicio de Tensorflow de Google hasta la 2.18.0 permite una recursi\u00f3n potencialmente ilimitada que puede provocar un bloqueo del servidor."}], "lastModified": "2025-05-07T14:13:20.483", "sourceIdentifier": "cve-coordination@google.com"}

CVE-2025-0649

JSON object

Attach tags to CVE-2025-0649

Attach tags to `CVE-2025-0649`