TensorFlow is vulnerable to denial of service. The vulnerability exists because tf.raw_ops.DeleteSessionTensor, implemented in session_ops.cc, does not properly validate its input arguments, allowing an attacker to crash the application through a CHECK failure.
github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L128-L144
github.com/tensorflow/tensorflow/commit/58aef18fb90fe507bc7b78a64c4d21b3057e274d
github.com/tensorflow/tensorflow/commit/9ed60fb1fb20e1b84db5766ba794d42bcce4ccfe
github.com/tensorflow/tensorflow/commit/c38adb3be77c7c0a812728c3602f880e5cba71ff
github.com/tensorflow/tensorflow/commit/cff267650c6a1b266e4b4500f69fbc49cdd773c5
github.com/tensorflow/tensorflow/commit/d44eb2c1d31d658212815d2357bcf2a6320046bc
github.com/tensorflow/tensorflow/pull/55861
github.com/tensorflow/tensorflow/pull/55862
github.com/tensorflow/tensorflow/pull/55863
github.com/tensorflow/tensorflow/pull/55864
github.com/tensorflow/tensorflow/releases/tag/v2.6.4
github.com/tensorflow/tensorflow/releases/tag/v2.7.2
github.com/tensorflow/tensorflow/releases/tag/v2.8.1
github.com/tensorflow/tensorflow/releases/tag/v2.9.0
github.com/tensorflow/tensorflow/releases/tag/v2.9.0-rc2
github.com/tensorflow/tensorflow/security/advisories/GHSA-h5g4-ppwx-48q2