Stack overflow

2022-05-2023:15:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.6%

JSON

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1.* ops which don’t yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a nullptr value is passed to ParseDimensionValue for the py_value argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CPENameOperatorVersion
tensorfloweq2.7.0 rc1
tensorfloweq2.7.0 rc0
tensorflowge2.7.0
tensorflowlt2.7.2
tensorflowlt2.6.4
tensorfloweq2.8.0 rc0
tensorfloweq2.8.0 rc1
tensorfloweq2.9.0 rc1
tensorfloweq2.9.0 rc0
tensorfloweq2.8.0

Name	Operator	Version
tensorflow	eq	2.7.0 rc1
tensorflow	eq	2.7.0 rc0
tensorflow	ge	2.7.0
tensorflow	lt	2.7.2
tensorflow	lt	2.6.4
tensorflow	eq	2.8.0 rc0
tensorflow	eq	2.8.0 rc1
tensorflow	eq	2.9.0 rc1
tensorflow	eq	2.9.0 rc0
tensorflow	eq	2.8.0