Lucene search
GoogleOSV:PYSEC-2022-116HistoryFeb 03, 2022 - 2:15 p.m.
PYSEC-2022-116
2022-02-0314:15:00
Google
osv.dev
11
tensorflow
denial of service
bincount
check failures
fix
cherrypicking
supported versions
EPSS
0.002
Percentile
51.9%
Tensorflow is an Open Source Machine Learning Framework. The implementation of *Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in CHECK failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Related
osv
osv
CVE-2022-21737
2022-02-03 14:15:08
PYSEC-2022-61
2022-02-03 14:15:00
BIT-tensorflow-2022-21737
2024-03-06 11:15:37
github
github
Assertion failure based denial of service in Tensorflow
2022-02-09 23:43:48
cnvd
cnvd
Google TensorFlow code issue vulnerability (CNVD-2022-11512)
2022-02-16 00:00:00
prion
prion
Design/Logic Flaw
2022-02-03 14:15:00
cvelist
cvelist
CVE-2022-21737 Assertion failure based denial of service in Tensorflow
2022-02-03 13:43:21
veracode
veracode
Denial Of Service (DoS)
2022-02-11 07:47:14
nvd
nvd
CVE-2022-21737
2022-02-03 14:15:08
cve
cve
CVE-2022-21737
2022-02-03 14:15:08
