Google TensorFlow Serving Unbounded Recursion Vulnerability Allowing Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Google TensorFlow Serving, affecting versions prior to 2.18.0. The issue arises from incorrect handling of large JSON input strings: a sufficiently large or deeply nested request body can drive the JSON handling into unbounded recursion and crash the server.

Impact

Exploitation of this vulnerability can lead to a server crash, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a JSON request that includes a deeply nested structure or a large array. For example, a request can be crafted with the 'instances' key containing a large array, which will trigger the unbounded recursion when the server processes the JSON.

Remediation

Users can upgrade to TensorFlow Serving version 2.19.0 or later, where this vulnerability has been addressed.
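As an added example that is not part of this advisory or of the TensorFlow Serving project, the following request gate can sit in front of the REST endpoint (in a proxy or sidecar) until the upgrade is rolled out; it measures nesting depth iteratively over the raw bytes, so the check itself cannot recurse, and the depth, size and batch limits are assumed values to be tuned per deployment.

```python
import json

# Limits are assumptions for illustration; tune to the real input shape.
MAX_DEPTH = 32          # predict requests rarely need more than a few levels
MAX_BYTES = 1_000_000   # reject oversized bodies before any parsing
MAX_INSTANCES = 1024    # cap the batch size one request may carry


def json_nesting_depth(body: bytes, max_depth: int = MAX_DEPTH) -> int:
    """Maximum bracket nesting depth of a JSON document, scanned iteratively.
    No recursion and no parsing: stops as soon as max_depth is exceeded, so
    the check stays bounded however deep the input is. Brackets inside
    JSON strings are ignored."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in body:
        if in_string:
            if escaped:
                escaped = False
            elif ch == 0x5C:      # backslash starts an escape
                escaped = True
            elif ch == 0x22:      # unescaped quote closes the string
                in_string = False
        elif ch == 0x22:
            in_string = True
        elif ch in (0x7B, 0x5B):  # '{' or '['
            depth += 1
            if depth > deepest:
                deepest = depth
                if deepest > max_depth:
                    return deepest  # early exit: already over the limit
        elif ch in (0x7D, 0x5D):  # '}' or ']'
            depth -= 1
    return deepest


def validate_predict_request(body: bytes) -> tuple:
    """Gate a TF Serving REST predict body before it reaches the server.
    Returns (accepted, reason); only bodies passing the size and depth
    checks are parsed, and the 'instances' batch is then capped too."""
    if len(body) > MAX_BYTES:
        return False, "body too large"
    if json_nesting_depth(body) > MAX_DEPTH:
        return False, "nesting depth exceeds limit"
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "malformed JSON"
    instances = doc.get("instances") if isinstance(doc, dict) else None
    if isinstance(instances, list) and len(instances) > MAX_INSTANCES:
        return False, "too many instances"
    return True, "ok"
```

Rejected requests should be logged with the reason and source, since a burst of depth or size rejections is the detection signal for attempts to trigger this crash.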

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  8.4
remediation     0.0
relevance       0.0
threat          4.8
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.