Lucene search
China National Vulnerability DatabaseCNVD-2022-80683HistoryNov 23, 2022 - 12:00 a.m.
Google TensorFlow buffer overflow vulnerability (CNVD-2022-80683)
2022-11-2300:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow suffers from a buffer overflow vulnerability that stems from the lack of proper validation of user-supplied data in Bcast::ToShape, which could be exploited by an attacker to crash the program.
| CPE | Name | Operator | Version |
|---|---|---|---|
| google tensorflow | lt | 2.8.4 | |
| google tensorflow >=2.9.0, | lt | 2.9.3 | |
| google tensorflow >=2.10.0, | lt | 2.10.1 |
Related
cve
cve
CVE-2022-41890
2022-11-18 22:15:00
nessus
nessus
CBL Mariner 2.0 Security Update: tensorflow (CVE-2022-41890)
2023-03-20 00:00:00
osv
osv
`CHECK` fail in `BCast` overflow
2022-11-21 20:42:10
BIT-tensorflow-2022-41890
2024-03-06 11:11:11
CVE-2022-41890
2022-11-18 22:15:16
prion
prion
Design/Logic Flaw
2022-11-18 22:15:00
cvelist
cvelist
CVE-2022-41890 `CHECK` fail in `BCast` overflow in Tensorflow
2022-11-18 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-11-22 10:12:19
github
github
`CHECK` fail in `BCast` overflow
2022-11-21 20:42:10
cbl_mariner
cbl_mariner
CVE-2022-41890 affecting package tensorflow for versions less than 2.11.0-1
2022-12-09 20:03:11
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Related for CNVD-2022-80683