Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41883

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Published

2022-11-18T21:15:10.923

Last Modified

2024-11-21T07:23:59.090

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	google	tensorflow	2.10.0	Yes
Application	google	tensorflow	2.10.0	Yes
Application	google	tensorflow	2.10.0	Yes
Application	google	tensorflow	2.10.0	Yes
Application	google	tensorflow	2.10.0	Yes

References

https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/dynamic_stitch_op.cc Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/data_flow_ops.cc Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/commit/f5381e0e10b5a61344109c1b7c174c68110f7629 Patch, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w58w-79xv-6vcj Exploit, Patch, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/dynamic_stitch_op.cc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/data_flow_ops.cc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/commit/f5381e0e10b5a61344109c1b7c174c68110f7629 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w58w-79xv-6vcj Exploit, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)