Lucene search
GoogleOSV:CVE-2022-21740HistoryFeb 03, 2022 - 3:15 p.m.
CVE-2022-21740
2022-02-0315:15:08
Google
osv.dev
7
tensorflow
sparsecountsparseoutput
heap overflow
vulnerability
2.5.3
2.6.3
2.7.1
2.8.0
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
References
github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273
github.com/tensorflow/tensorflow/commit/2b7100d6cdff36aa21010a82269bc05a6d1cc74a
github.com/tensorflow/tensorflow/commit/adbbabdb0d3abb3cdeac69e38a96de1d678b24b3
github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r
Related
osv
osv
BIT-tensorflow-2022-21740
2024-03-06 11:15:34
PYSEC-2022-64
2022-02-03 15:15:00
Heap overflow in Tensorflow
2022-02-09 23:47:14
cnvd
cnvd
Google TensorFlow buffer overflow vulnerability (CNVD-2022-11510)
2022-02-16 00:00:00
cve
cve
CVE-2022-21740
2022-02-03 15:15:08
github
github
Heap overflow in Tensorflow
2022-02-09 23:47:14
prion
prion
Design/Logic Flaw
2022-02-03 15:15:00
veracode
veracode
Denial Of Service (DoS)
2022-02-04 09:58:06
cvelist
cvelist
CVE-2022-21740 Heap overflow in Tensorflow
2022-02-03 14:30:47
nvd
nvd
CVE-2022-21740
2022-02-03 15:15:08
