Lucene search
Veracode Vulnerability DatabaseVERACODE:34130HistoryFeb 10, 2022 - 6:09 a.m.
Integer Overflow
2022-02-1006:09:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
tensorflow
vulnerability
integer overflow
calculatetensorsize
op_level_cost_estimator.cc
software
EPSS
0.002
Percentile
51.9%
tensorflow is vulnerable to integer overflow. The vulnerability exists in CalculateTensorSize function of op_level_cost_estimator.cc because the input size has not been checked which allows an attacker to insert large numbers of elements that causes an application crash.
References
github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1552-L1558
github.com/tensorflow/tensorflow/commit/fcd18ce3101f245b083b30655c27b239dc72221e
github.com/tensorflow/tensorflow/security/advisories/GHSA-c94w-c95p-phf8
Related
cnvd
cnvd
Google Tensorflow Input Validation Error Vulnerability (CNVD-2022-09897)
2022-02-09 00:00:00
prion
prion
Integer overflow
2022-02-04 23:15:00
cve
cve
CVE-2022-23575
2022-02-04 23:15:14
osv
osv
PYSEC-2022-84
2022-02-04 23:15:00
Integer overflow in Tensorflow
2022-02-10 00:32:59
PYSEC-2022-139
2022-02-04 23:15:00
cvelist
cvelist
CVE-2022-23575 Integer overflow in Tensorflow
2022-02-04 22:32:23
github
github
Integer overflow in Tensorflow
2022-02-10 00:32:59
nvd
nvd
CVE-2022-23575
2022-02-04 23:15:14
