Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-PQRV-8R2F-7278
HistoryFeb 09, 2022 - 11:29 p.m.

Crash due to erroneous `StatusOr` in TensorFlow

2022-02-0923:29:38
CWE-754
GitHub Advisory Database
github.com
14
tensorflow
graphdef
crash
statusor
patch
security guide

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

57.4%

JSON

Impact

A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it:

  if (op_reg_data->type_ctor != nullptr) {
    VLOG(3) << "AddNode: found type constructor for " << node_def.name();
    const auto ctor_type =
        full_type::SpecializeType(AttrSlice(node_def), op_reg_data->op_def);
    const FullTypeDef ctor_typedef = ctor_type.ValueOrDie();
    if (ctor_typedef.type_id() != TFT_UNSET) {
      *(node_def.mutable_experimental_type()) = ctor_typedef;
    }
  }

If ctor_type is an error status, ValueOrDie results in a crash.

Patches

We have patched the issue in GitHub commit 955059813cc325dc1db5e2daa6221271406d4439.

We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Affected configurations

Vulners
Node
tensorflow-gpuRange<2.7.1
OR
tensorflow-cpuRange<2.7.1
OR
tensorflowtensorflowRange<2.7.1
VendorProductVersionCPE
*tensorflow-gpu*cpe:2.3:a:*:tensorflow-gpu:*:*:*:*:*:*:*:*
*tensorflow-cpu*cpe:2.3:a:*:tensorflow-cpu:*:*:*:*:*:*:*:*
tensorflowtensorflow*cpe:2.3:a:tensorflow:tensorflow:*:*:*:*:*:*:*:*

Related

cnvd 1
osv 5
cvelist 1
nvd 1
veracode 1
prion 1
cve 1
ibm 1
cnvd
cnvd
Google Tensorflow code issue vulnerability (NVD-C-2022-117042)
2022-02-09 00:00:00
osv
osv
CVE-2022-23590
2022-02-04 23:15:15
Crash due to erroneous `StatusOr` in TensorFlow
2022-02-09 23:29:38
PYSEC-2022-99
2022-02-04 23:15:00
cvelist
cvelist
CVE-2022-23590 Crash due to erroneous `StatusOr` in Tensorflow
2022-02-04 22:32:10
nvd
nvd
CVE-2022-23590
2022-02-04 23:15:15
veracode
veracode
Denial Of Service (DoS)
2022-02-08 04:24:23
prion
prion
Stack overflow
2022-02-04 23:15:00
cve
cve
CVE-2022-23590
2022-02-04 23:15:15
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow
2022-03-30 15:22:10

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

57.4%

JSON
Related for GHSA-PQRV-8R2F-7278
cnvd1osv5cvelist1nvd1veracode1prion1cve1ibm1