Lucene search
GoogleOSV:BIT-TENSORFLOW-2022-35991HistoryMar 06, 2024 - 11:13 a.m.
BIT-tensorflow-2022-35991
2024-03-0611:13:07
Google
osv.dev
3
tensorflow
machine learning
denial of service
security patch
TensorFlow is an open source platform for machine learning. When TensorListScatter and TensorListScatterV2 receive an element_shape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.9.0 | |
| tensorflow | ge | 2.8.0 | |
| tensorflow | lt | 2.7.2 | |
| tensorflow | lt | 2.9.1 | |
| tensorflow | lt | 2.8.1 |
Related
github
github
prion
prion
Stack overflow
2022-09-16 23:15:00
veracode
veracode
Denial Of Service (DoS)
2022-09-19 15:11:32
osv
osv
CVE-2022-35991
2022-09-16 23:15:10
TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`
2022-09-16 22:15:05
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
2022-11-21 23:51:30
cvelist
cvelist
cve
cve
CVE-2022-35991
2022-09-16 23:15:00
freebsd
freebsd
py-tensorflow -- denial of service vulnerability
2022-11-21 00:00:00
nessus
nessus
6.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.7%
Related for OSV:BIT-TENSORFLOW-2022-35991