Lucene search
GoogleOSV:PYSEC-2022-102HistoryFeb 04, 2022 - 11:15 p.m.
PYSEC-2022-102
2022-02-0423:15:00
Google
osv.dev
9
0.002 Low
EPSS
Percentile
53.4%
Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector. The fix will be included in TensorFlow 2.8.0. This is the only affected version.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow-cpu | eq | 2.7.1 | |
| tensorflow-cpu | eq | 2.7.4 | |
| tensorflow-cpu | eq | 2.7.2 | |
| tensorflow-cpu | eq | 2.8.0rc0 | |
| tensorflow-cpu | eq | 2.8.0rc1 | |
| tensorflow-cpu | eq | 2.7.0 | |
| tensorflow-cpu | eq | 2.7.3 |
References
github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205
github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a
github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2
Related
cnvd
cnvd
Google Tensorflow code issue vulnerability (CNVD-2022-09866)
2022-02-09 00:00:00
osv
osv
CVE-2022-23593
2022-02-04 23:15:15
BIT-tensorflow-2022-23593
2024-03-06 11:14:45
Segfault in `simplifyBroadcast` in Tensorflow
2022-02-09 23:32:08
cve
cve
CVE-2022-23593
2022-02-04 23:15:15
prion
prion
Stack overflow
2022-02-04 23:15:00
cvelist
cvelist
CVE-2022-23593 Segfault in `simplifyBroadcast` in Tensorflow
2022-02-04 22:32:08
nvd
nvd
CVE-2022-23593
2022-02-04 23:15:15
github
github
Segfault in `simplifyBroadcast` in Tensorflow
2022-02-09 23:32:08
