CVE-2021-39158 Information

Description

NVCaffe’s python required dependencies list used to contain gfortranversion prior to 0.17.4 entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://github.com/NVIDIA/caffe/security/advisories/GHSA-fmpp-8pwg-vwh9

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8