Lucene search
GoogleOSV:PYSEC-2022-61HistoryFeb 03, 2022 - 2:15 p.m.
PYSEC-2022-61
2022-02-0314:15:00
Google
osv.dev
10
tensorflow
machine learning
denial of service
bincount
check-fail
kernel implementation
EPSS
0.002
Percentile
51.9%
Tensorflow is an Open Source Machine Learning Framework. The implementation of *Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in CHECK failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Related
osv
osv
CVE-2022-21737
2022-02-03 14:15:08
PYSEC-2022-116
2022-02-03 14:15:00
Assertion failure based denial of service in Tensorflow
2022-02-09 23:43:48
github
github
Assertion failure based denial of service in Tensorflow
2022-02-09 23:43:48
cnvd
cnvd
Google TensorFlow code issue vulnerability (CNVD-2022-11512)
2022-02-16 00:00:00
prion
prion
Design/Logic Flaw
2022-02-03 14:15:00
cvelist
cvelist
CVE-2022-21737 Assertion failure based denial of service in Tensorflow
2022-02-03 13:43:21
veracode
veracode
Denial Of Service (DoS)
2022-02-11 07:47:14
nvd
nvd
CVE-2022-21737
2022-02-03 14:15:08
cve
cve
CVE-2022-21737
2022-02-03 14:15:08
