Lucene search
GoogleOSV:BIT-TENSORFLOW-2022-41891HistoryMar 06, 2024 - 11:11 a.m.
BIT-tensorflow-2022-41891
2024-03-0611:11:07
Google
osv.dev
3
tensorflow
denial of service
vulnerability
patched
github
commit
cherrypick
supported range
TensorFlow is an open source platform for machine learning. If tf.raw_ops.TensorListConcat is given element_shape=[], it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.10.0 | |
| tensorflow | lt | 2.8.4 | |
| tensorflow | ge | 2.9.0 | |
| tensorflow | lt | 2.9.3 | |
| tensorflow | lt | 2.10.1 |
Related
prion
prion
Stack overflow
2022-11-18 22:15:00
nessus
nessus
CBL Mariner 2.0 Security Update: tensorflow (CVE-2022-41891)
2023-03-20 00:00:00
TensorFlow < 2.10.1 Multiple Vulnerabilities
2024-05-20 00:00:00
TensorFlow < 2.9.3 Multiple Vulnerabilities
2024-05-24 00:00:00
cvelist
cvelist
CVE-2022-41891 Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow
2022-11-18 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-11-22 14:13:10
cnvd
cnvd
cbl_mariner
cbl_mariner
CVE-2022-41891 affecting package tensorflow for versions less than 2.11.0-1
2022-12-09 20:03:11
osv
osv
Segfault in `tf.raw_ops.TensorListConcat`
2022-11-21 20:42:18
CVE-2022-41891
2022-11-18 22:15:16
cve
cve
CVE-2022-41891
2022-11-18 22:15:00
github
github
Segfault in `tf.raw_ops.TensorListConcat`
2022-11-21 20:42:18
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.2%
Related for OSV:BIT-TENSORFLOW-2022-41891