Lucene search

K

Veracode Vulnerability DatabaseVERACODE:35645

HistoryMay 23, 2022 - 7:22 a.m.

Denial Of Service (DoS)

2022-05-2307:22:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

16

tensorflow

vulnerability

denial of service

session ops

input validation

check failure

application crash

EPSS

0.001

Percentile

41.4%

tensorflow is vulnerable to denial of service. The vulnerability exists because the tf.raw_ops.DeleteSessionTensor in session_ops.cc does not properly validate the input arguments, allowing an attacker to crash the application through the CHECK failure.

References

github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L128-L144

github.com/tensorflow/tensorflow/commit/58aef18fb90fe507bc7b78a64c4d21b3057e274d

github.com/tensorflow/tensorflow/commit/9ed60fb1fb20e1b84db5766ba794d42bcce4ccfe

github.com/tensorflow/tensorflow/commit/c38adb3be77c7c0a812728c3602f880e5cba71ff

github.com/tensorflow/tensorflow/commit/cff267650c6a1b266e4b4500f69fbc49cdd773c5

github.com/tensorflow/tensorflow/commit/d44eb2c1d31d658212815d2357bcf2a6320046bc

github.com/tensorflow/tensorflow/pull/55861

github.com/tensorflow/tensorflow/pull/55862

github.com/tensorflow/tensorflow/pull/55863

github.com/tensorflow/tensorflow/pull/55864

github.com/tensorflow/tensorflow/releases/tag/v2.6.4

github.com/tensorflow/tensorflow/releases/tag/v2.7.2

github.com/tensorflow/tensorflow/releases/tag/v2.8.1

github.com/tensorflow/tensorflow/releases/tag/v2.9.0

github.com/tensorflow/tensorflow/releases/tag/v2.9.0-rc2

github.com/tensorflow/tensorflow/security/advisories/GHSA-h5g4-ppwx-48q2

EPSS

0.001

Percentile

41.4%

Related for VERACODE:35645

osv3 github1 nvd1 cvelist1 prion1 cve1 ibm2 openvas1