Lucene search

K
cveGitHub_MCVE-2022-29213
HistoryMay 21, 2022 - 12:15 a.m.

CVE-2022-29213

2022-05-2100:15:11
CWE-20
CWE-617
GitHub_M
web.nvd.nist.gov
93
5
tensorflow
machine learning
cve-2022-29213
security vulnerability
input validation
crash issue
nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

40.1%

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes (due to CHECK-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Affected configurations

Nvd
Vulners
Node
googletensorflowRange<2.6.4
OR
googletensorflowRange2.7.02.7.2
OR
googletensorflowMatch2.7.0rc0
OR
googletensorflowMatch2.7.0rc1
OR
googletensorflowMatch2.8.0-
OR
googletensorflowMatch2.8.0rc0
OR
googletensorflowMatch2.8.0rc1
OR
googletensorflowMatch2.9.0rc0
OR
googletensorflowMatch2.9.0rc1
VendorProductVersionCPE
googletensorflow*cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
googletensorflow2.7.0cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*
googletensorflow2.7.0cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*
googletensorflow2.8.0cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*
googletensorflow2.8.0cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*
googletensorflow2.8.0cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*
googletensorflow2.9.0cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*
googletensorflow2.9.0cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "tensorflow",
    "vendor": "tensorflow",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.6.4"
      },
      {
        "status": "affected",
        "version": ">= 2.7.0rc0, < 2.7.2"
      },
      {
        "status": "affected",
        "version": ">= 2.8.0rc0, < 2.8.1"
      },
      {
        "status": "affected",
        "version": ">= 2.9.0rc0, < 2.9.0"
      }
    ]
  }
]

Social References

More

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

40.1%