Lucene search

[email protected]NVD:CVE-2022-29213

HistoryMay 21, 2022 - 12:15 a.m.

CVE-2022-29213

2022-05-2100:15:11

CWE-20

CWE-617

[email protected]

web.nvd.nist.gov

tensorflow

machine learning

input validation

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.1%

JSON

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes (due to CHECK-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Affected configurations

Nvd

Node

googletensorflowRange<2.6.4

googletensorflowRange2.7.0–2.7.2

googletensorflowMatch2.7.0rc0

googletensorflowMatch2.7.0rc1

googletensorflowMatch2.8.0-

googletensorflowMatch2.8.0rc0

googletensorflowMatch2.8.0rc1

googletensorflowMatch2.9.0rc0

googletensorflowMatch2.9.0rc1

VendorProductVersionCPE
googletensorflow*cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
googletensorflow2.7.0cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*
googletensorflow2.7.0cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*
googletensorflow2.8.0cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*
googletensorflow2.8.0cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*
googletensorflow2.8.0cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*
googletensorflow2.9.0cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*
googletensorflow2.9.0cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	tensorflow	*	cpe:2.3:a:google:tensorflow::::::::
google	tensorflow	2.7.0	cpe:2.3:a:google:tensorflow:2.7.0:rc0::::::
google	tensorflow	2.7.0	cpe:2.3:a:google:tensorflow:2.7.0:rc1::::::
google	tensorflow	2.8.0	cpe:2.3:a:google:tensorflow:2.8.0:-::::::
google	tensorflow	2.8.0	cpe:2.3:a:google:tensorflow:2.8.0:rc0::::::
google	tensorflow	2.8.0	cpe:2.3:a:google:tensorflow:2.8.0:rc1::::::
google	tensorflow	2.9.0	cpe:2.3:a:google:tensorflow:2.9.0:rc0::::::
google	tensorflow	2.9.0	cpe:2.3:a:google:tensorflow:2.9.0:rc1::::::

References

github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73

github.com/tensorflow/tensorflow/issues/55263

github.com/tensorflow/tensorflow/pull/55274

github.com/tensorflow/tensorflow/releases/tag/v2.6.4

github.com/tensorflow/tensorflow/releases/tag/v2.7.2

github.com/tensorflow/tensorflow/releases/tag/v2.8.1

github.com/tensorflow/tensorflow/releases/tag/v2.9.0

github.com/tensorflow/tensorflow/security/advisories/GHSA-5889-7v45-q28m

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.1%

JSON

Related for NVD:CVE-2022-29213

osv3 cve1 github1 prion1 cvelist1 ibm2 openvas1