5 matches found
a62-emotion (>=0.10.12 <=0.11.4), agent-atm (>=0.1.0 <=0.1.1) +102 more potentially affected by CVE-2022-29191 via tensorflow-cpu (>=1.15.0 <=2.5.3)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.1.0.dev202107081840 and more Source cves: CVE-2022-29191 Source advisory: OSV:GHSA-FV25-WRFF-WF86...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4878 more potentially affected by CVE-2022-29191 via tensorflow (>=1.0.1 <=2.6.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-29191 Source advisory: OSV:GHSA-FV25-WRFF-WF86...
lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-29191 via tensorflow-cpu (=2.7.0)
tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-29191 Source advisory: OSV:GHSA-FV25-WRFF-WF86...
CVE-2022-29191 Missing validation causes denial of service via `GetSessionTensor` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29191
CVE-2022-29191 affects TensorFlow: the implementation of tf.raw_ops.GetSessionTensor does not fully validate input arguments, causing a CHECK failure and enabling a denial of service on a local attacker. Affected versions are prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4; a patch is included in those v...