Lucene search
GoogleOSV:BIT-TENSORFLOW-2022-41889HistoryMar 06, 2024 - 11:11 a.m.
BIT-tensorflow-2022-41889
2024-03-0611:11:14
Google
osv.dev
3
tensorflow
machine learning
open source
pywrap code
quantized tensors
github commit
fix
cherrypick
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extract_volume_patches by passing in quantized tensors as input ksizes. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | lt | 2.9.3 | |
| tensorflow | lt | 2.8.4 | |
| tensorflow | ge | 2.10.0 | |
| tensorflow | lt | 2.10.1 | |
| tensorflow | ge | 2.9.0 |
Related
cnvd
cnvd
Google TensorFlow code issue vulnerability (CNVD-2022-80679)
2022-11-23 00:00:00
cve
cve
CVE-2022-41889
2022-11-18 22:15:00
nessus
nessus
CBL Mariner 2.0 Security Update: tensorflow (CVE-2022-41889)
2023-03-20 00:00:00
prion
prion
Stack overflow
2022-11-18 22:15:00
veracode
veracode
Denial Of Service (DoS)
2022-11-22 02:16:03
cbl_mariner
cbl_mariner
CVE-2022-41889 affecting package tensorflow for versions less than 2.11.0-1
2022-12-09 20:03:11
github
github
Segfault via invalid attributes in `pywrap_tfe_src.cc`
2022-11-21 20:42:00
osv
osv
CVE-2022-41889
2022-11-18 22:15:15
Segfault via invalid attributes in `pywrap_tfe_src.cc`
2022-11-21 20:42:00
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.7%
Related for OSV:BIT-TENSORFLOW-2022-41889