Lucene search
GoogleOSV:BIT-TENSORFLOW-2022-41895HistoryMar 06, 2024 - 11:10 a.m.
BIT-tensorflow-2022-41895
2024-03-0611:10:55
Google
osv.dev
3
tensorflow
machine learning
github commit
tensorflow 2.11
cherrypick
tensorflow 2.10.1
tensorflow 2.9.3
tensorflow 2.8.4
open source platform
TensorFlow is an open source platform for machine learning. If MirrorPadGrad is given outsize input paddings, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.10.0 | |
| tensorflow | lt | 2.8.4 | |
| tensorflow | ge | 2.9.0 | |
| tensorflow | lt | 2.9.3 | |
| tensorflow | lt | 2.10.1 |
Related
prion
prion
Design/Logic Flaw
2022-11-18 22:15:00
cnvd
cnvd
Google TensorFlow MirrorPadGrad buffer overflow vulnerability
2022-11-23 00:00:00
osv
osv
`MirrorPadGrad` heap out of bounds read
2022-11-21 20:44:36
CVE-2022-41895
2022-11-18 22:15:18
cve
cve
CVE-2022-41895
2022-11-18 22:15:00
veracode
veracode
Denial Of Service (DoS)
2022-11-22 08:14:51
nessus
nessus
CBL Mariner 2.0 Security Update: tensorflow (CVE-2022-41895)
2023-03-20 00:00:00
TensorFlow < 2.10.1 Multiple Vulnerabilities
2024-05-20 00:00:00
TensorFlow < 2.9.3 Multiple Vulnerabilities
2024-05-24 00:00:00
cvelist
cvelist
CVE-2022-41895 `MirrorPadGrad` heap out of bounds read in Tensorflow
2022-11-18 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-41895 affecting package tensorflow for versions less than 2.11.0-1
2022-12-09 20:03:11
github
github
`MirrorPadGrad` heap out of bounds read
2022-11-21 20:44:36
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.0%
Related for OSV:BIT-TENSORFLOW-2022-41895