Lucene search
Veracode Vulnerability DatabaseVERACODE:34048HistoryFeb 08, 2022 - 5:55 a.m.
Denial Of Service (DoS)
2022-02-0805:55:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
tensorflow
vulnerability
grappler optimizer
denial of service
EPSS
0.002
Percentile
65.0%
Tensorflow is vulnerable to denial of service. An attacker is able to crash the system by altering a SavedModel in Grappler optimizer such that IsSimplifiableReshape would trigger CHECK failures.
References
github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742
github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082
github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6
github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1
github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c
Related
github
github
`CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow
2022-02-07 22:01:14
cnvd
cnvd
Google Tensorflow has an unspecified vulnerability (CNVD-2022-09894)
2022-02-09 00:00:00
prion
prion
Stack overflow
2022-02-04 23:15:00
osv
osv
`CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow
2022-02-07 22:01:14
BIT-tensorflow-2022-23581
2024-03-06 11:15:00
CVE-2022-23581
2022-02-04 23:15:14
cve
cve
CVE-2022-23581
2022-02-04 23:15:14
cvelist
cvelist
nvd
nvd
CVE-2022-23581
2022-02-04 23:15:14
