3 matches found
ddpg-tf2 (=1.0.1), rpnet (>=0.0.1 <=0.1.0) +6 more potentially affected by CVE-2022-23593 via tensorflow-gpu (>=2.7.0 <=2.7.2)
tensorflow-gpu PYPI version =2.7.0, =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23593 Source advisory: OSV:PYSEC-2022-157...
CVE-2022-23593
TensorFlow CVE-2022-23593 affects the MLIR-TFRT simplifyBroadcast path. When shapes are scalar, maxRank becomes 0 and an empty SmallVector is built, leading to a segfault (denial of service). The fix is planned for TensorFlow 2.8.0; upgrading to that version (or newer) is the remediation if appli...
CVE-2022-23593 Segfault in `simplifyBroadcast` in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault hence, denial of service, if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector...