Integer overflow

2022-05-2023:15:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.8%

JSON

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.SpaceToBatchND (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a CHECK-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CPENameOperatorVersion
tensorfloweq2.7.0 rc1
tensorfloweq2.7.0 rc0
tensorflowge2.7.0
tensorflowlt2.7.2
tensorflowlt2.6.4
tensorfloweq2.8.0 rc0
tensorfloweq2.8.0 rc1
tensorfloweq2.9.0 rc1
tensorfloweq2.9.0 rc0
tensorfloweq2.8.0

Name	Operator	Version
tensorflow	eq	2.7.0 rc1
tensorflow	eq	2.7.0 rc0
tensorflow	ge	2.7.0
tensorflow	lt	2.7.2
tensorflow	lt	2.6.4
tensorflow	eq	2.8.0 rc0
tensorflow	eq	2.8.0 rc1
tensorflow	eq	2.9.0 rc1
tensorflow	eq	2.9.0 rc0
tensorflow	eq	2.8.0