Lucene search
Veracode Vulnerability DatabaseVERACODE:34050HistoryFeb 08, 2022 - 6:03 a.m.
Denial Of Service (DoS)
2022-02-0806:03:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
tensorflow
dos
vulnerability
savedmodel
grappler optimizer
reference dtype
EPSS
0.002
Percentile
54.5%
Tensorflow is vulnerable to denial of service. An attacker may exploit the vulnerability by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype.
References
github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/tensor.cc#L733-L781
github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1328-L1402
github.com/tensorflow/tensorflow/commit/6b5adc0877de832b2a7c189532dbbbc64622eeb6
github.com/tensorflow/tensorflow/security/advisories/GHSA-fx5c-h9f6-rv7c
Related
osv
osv
CVE-2022-23588
2022-02-04 23:15:15
`CHECK`-fails due to attempting to build a reference tensor
2022-02-09 23:28:07
PYSEC-2022-97
2022-02-04 23:15:00
cvelist
cvelist
nvd
nvd
CVE-2022-23588
2022-02-04 23:15:15
cve
cve
CVE-2022-23588
2022-02-04 23:15:15
github
github
`CHECK`-fails due to attempting to build a reference tensor
2022-02-09 23:28:07
cnvd
cnvd
Google Tensorflow has an unspecified vulnerability (CNVD-2022-09861)
2022-02-09 00:00:00
prion
prion
Stack overflow
2022-02-04 23:15:00
