Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23567

Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Published

2022-02-03T12:15:08.117

Last Modified

2025-05-05T17:17:57.133

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-190
Type: Secondary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	google	tensorflow	≤ 2.5.2	Yes
Application	google	tensorflow	≤ 2.6.2	Yes
Application	google	tensorflow	2.7.0	Yes

References

https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc Exploit, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md Patch, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8 Patch, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93ed68b7c510 Patch, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43 Patch, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93ed68b7c510 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)