Lucene search
Veracode Vulnerability DatabaseVERACODE:34180HistoryFeb 14, 2022 - 3:55 a.m.
Denial Of Service (DoS)
2022-02-1403:55:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
denial of service
oplevelcostestimator
calculateoutputsize
negative number
crash
software
EPSS
0.002
Percentile
51.9%
tensorflow is vulnerable to denial of service. The vulnerability exists due to an integer overflow in OpLevelCostEstimator::CalculateOutputSize allowing an attacker to crash the system by inputting a negative number into the cost estimate.
References
github.com/advisories/GHSA-wm93-f238-7v37
github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1598-L1617
github.com/tensorflow/tensorflow/commit/b9bd6cfd1c50e6807846af9a86f9b83cafc9c8ae
github.com/tensorflow/tensorflow/security/advisories/GHSA-wm93-f238-7v37
Related
osv
osv
CVE-2022-23576
2022-02-04 23:15:14
PYSEC-2022-85
2022-02-04 23:15:00
BIT-tensorflow-2022-23576
2024-03-06 11:15:07
github
github
Integer overflow in Tensorflow
2022-02-10 00:32:44
veracode
veracode
Integer Overflow
2022-02-10 03:53:28
prion
prion
Integer overflow
2022-02-04 23:15:00
nvd
nvd
CVE-2022-23576
2022-02-04 23:15:14
cvelist
cvelist
CVE-2022-23576 Integer overflow in Tensorflow
2022-02-04 22:32:22
cnvd
cnvd
Google Tensorflow Input Validation Error Vulnerability (CNVD-2022-09896)
2022-02-09 00:00:00
cve
cve
CVE-2022-23576
2022-02-04 23:15:14
