Lucene search
GoogleOSV:BIT-TENSORFLOW-2022-35935HistoryMar 06, 2024 - 11:14 a.m.
BIT-tensorflow-2022-35935
2024-03-0611:14:10
Google
osv.dev
6
tensorflow
sobolsampleop
denial of service
check-failure
assertion failure
patch
cherrypick
github commit
2.10.0
2.9.1
2.8.1
2.7.2
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming input(0), input(1), and input(2) to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.9.0 | |
| tensorflow | ge | 2.8.0 | |
| tensorflow | ge | 2.7.0 | |
| tensorflow | lt | 2.7.2 | |
| tensorflow | lt | 2.9.1 | |
| tensorflow | lt | 2.8.1 |
Related
cnvd
cnvd
Google TensorFlow has an unspecified vulnerability (CNVD-2023-15773)
2022-11-25 00:00:00
osv
osv
CVE-2022-35935
2022-09-16 20:15:10
`CHECK` failure in `SobolSample` via missing validation
2022-11-21 23:51:53
cve
cve
CVE-2022-35935
2022-09-16 20:15:00
cvelist
cvelist
prion
prion
Stack overflow
2022-09-16 20:15:00
github
github
`CHECK` failure in `SobolSample` via missing validation
2022-11-21 23:51:53
nessus
nessus
freebsd
freebsd
py-tensorflow -- denial of service vulnerability
2022-11-21 00:00:00
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.7%
Related for OSV:BIT-TENSORFLOW-2022-35935