CVE-2022-21729 Overflow and uncaught divide by zero in Tensorflow

2022-02-0312:28:25

GitHub_M

www.cve.org

cve-2022-21729

overflow

uncaught

divide by zero

tensorflow

open source

machine learning framework

unravelindex

integer overflow bug

fix

tensorflow 2.8.0

cherrypick

commit

supported range

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

51.9%

JSON

Tensorflow is an Open Source Machine Learning Framework. The implementation of UnravelIndex is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.