Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-21736
HistoryFeb 03, 2022 - 12:15 p.m.

CVE-2022-21736

2022-02-0312:15:08
Google
osv.dev
9
tensorflow
machine learning
framework
sparsetensorslicedataset
undefined behavior
nullptr dereference
preconditions
validation
fix
tensorflow 2.8.0
cherrypick
commit
tensorflow 2.7.1
tensorflow 2.6.3
tensorflow 2.5.3
supported range
software

EPSS

0.002

Percentile

51.9%

JSON

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are some preconditions that these arguments must satisfy but these are not validated in the implementation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Related

osv 4
github 1
nvd 1
prion 1
cvelist 1
cve 1
ibm 1
osv
osv
Undefined behavior in `SparseTensorSliceDataset`
2022-02-09 23:43:27
BIT-tensorflow-2022-21736
2024-03-06 11:15:39
PYSEC-2022-60
2022-02-03 12:15:00
github
github
Undefined behavior in `SparseTensorSliceDataset`
2022-02-09 23:43:27
nvd
nvd
CVE-2022-21736
2022-02-03 12:15:08
prion
prion
Design/Logic Flaw
2022-02-03 12:15:00
cvelist
cvelist
CVE-2022-21736 Undefined behavior in Tensorflow
2022-02-03 12:08:03
cve
cve
CVE-2022-21736
2022-02-03 12:15:08
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow
2022-03-30 15:22:10

EPSS

0.002

Percentile

51.9%

JSON
Related for OSV:CVE-2022-21736
osv4github1nvd1prion1cvelist1cve1ibm1