Lucene search
GitHub Advisory DatabaseGHSA-8RCJ-C8PJ-V3M3HistoryFeb 09, 2022 - 11:55 p.m.
Reachable Assertion in Tensorflow
2022-02-0923:55:28
CWE-617
GitHub Advisory Database
github.com
16
0.001 Low
EPSS
Percentile
32.3%
Impact
When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes.
Patches
We have patched the issue in GitHub commit 14fea662350e7c26eb5fe1be2ac31704e5682ee6.
The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow-gpu | eq | 2.7.0 | |
| tensorflow-gpu | lt | 2.6.3 | |
| tensorflow-gpu | lt | 2.5.3 | |
| tensorflow-cpu | eq | 2.7.0 | |
| tensorflow-cpu | lt | 2.6.3 | |
| tensorflow-cpu | lt | 2.5.3 | |
| tensorflow | eq | 2.7.0 | |
| tensorflow | lt | 2.6.3 | |
| tensorflow | lt | 2.5.3 |
Related
cnvd
cnvd
Google Tensorflow has an unspecified vulnerability (CNVD-2022-09901)
2022-02-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-02-08 03:37:39
osv
osv
cvelist
cvelist
CVE-2022-23564 Reachable Assertion in Tensorflow
2022-02-04 22:32:41
prion
prion
Stack overflow
2022-02-04 23:15:00
cve
cve
CVE-2022-23564
2022-02-04 23:15:00
