Lucene search
GoogleOSV:CVE-2022-21737HistoryFeb 03, 2022 - 2:15 p.m.
CVE-2022-21737
2022-02-0314:15:08
Google
osv.dev
7
tensorflow
machine learning
denial of service
vulnerability
fixed versions
cherrypick
EPSS
0.002
Percentile
51.9%
Tensorflow is an Open Source Machine Learning Framework. The implementation of *Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in CHECK failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Related
osv
osv
PYSEC-2022-116
2022-02-03 14:15:00
PYSEC-2022-61
2022-02-03 14:15:00
BIT-tensorflow-2022-21737
2024-03-06 11:15:37
github
github
Assertion failure based denial of service in Tensorflow
2022-02-09 23:43:48
prion
prion
Design/Logic Flaw
2022-02-03 14:15:00
cnvd
cnvd
Google TensorFlow code issue vulnerability (CNVD-2022-11512)
2022-02-16 00:00:00
cvelist
cvelist
CVE-2022-21737 Assertion failure based denial of service in Tensorflow
2022-02-03 13:43:21
veracode
veracode
Denial Of Service (DoS)
2022-02-11 07:47:14
nvd
nvd
CVE-2022-21737
2022-02-03 14:15:08
cve
cve
CVE-2022-21737
2022-02-03 14:15:08
