Lucene search
GoogleOSV:BIT-TENSORFLOW-2022-41893HistoryMar 06, 2024 - 11:11 a.m.
BIT-tensorflow-2022-41893
2024-03-0611:11:03
Google
osv.dev
1
tensorflow
machine learning
security flaw
denial of service
github commit
patch
cherrypick
supported versions
TensorFlow is an open source platform for machine learning. If tf.raw_ops.TensorListResize is given a nonscalar value for input size, it results CHECK fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | lt | 2.9.3 | |
| tensorflow | lt | 2.8.4 | |
| tensorflow | ge | 2.10.0 | |
| tensorflow | lt | 2.10.1 | |
| tensorflow | ge | 2.9.0 |
Related
osv
osv
`CHECK_EQ` fail in `tf.raw_ops.TensorListResize`
2022-11-21 20:42:39
CVE-2022-41893
2022-11-18 22:15:17
cnvd
cnvd
Google TensorFlow tf.raw_ops.TensorListResize buffer overflow vulnerability
2022-11-23 00:00:00
nessus
nessus
CBL Mariner 2.0 Security Update: tensorflow (CVE-2022-41893)
2023-03-20 00:00:00
cve
cve
CVE-2022-41893
2022-11-18 22:15:00
veracode
veracode
Denial Of Service (DoS)
2022-11-22 02:47:30
prion
prion
Stack overflow
2022-11-18 22:15:00
cvelist
cvelist
`CHECK_EQ` fail in `tf.raw_ops.TensorListResize` in Tensorflow
2022-11-18 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-41893 affecting package tensorflow for versions less than 2.11.0-1
2022-12-09 20:03:11
github
github
`CHECK_EQ` fail in `tf.raw_ops.TensorListResize`
2022-11-21 20:42:39
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.7%
Related for OSV:BIT-TENSORFLOW-2022-41893