Denial Of Service (DoS)

2022-09-2011:18:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

tensorflow

compute function

vulnerability

denial of service

list_kernels.cc

num_elements

application crash

0.001 Low

EPSS

Percentile

40.3%

JSON

tensorflow is vulnerable to denial of service. The vulnerability exists in Compute function of list_kernels.cc because the it doesn’t properly handle the size of num_elements which allows an attacker to provide more than one element causing an application crash.

CPENameOperatorVersion
tensorfloweq2.10.0rc0
tensorflowle2.9.1
tensorflowle2.8.2
tensorflowle2.7.3
tensorflow-cpueq2.10.0rc0
tensorflow-cpule2.9.1
tensorflow-cpule2.8.2
tensorflow-cpule2.7.3
tensorflow-gpueq2.10.0rc0
tensorflow-gpule2.9.1

Name	Operator	Version
tensorflow	eq	2.10.0rc0
tensorflow	le	2.9.1
tensorflow	le	2.8.2
tensorflow	le	2.7.3
tensorflow-cpu	eq	2.10.0rc0
tensorflow-cpu	le	2.9.1
tensorflow-cpu	le	2.8.2
tensorflow-cpu	le	2.7.3
tensorflow-gpu	eq	2.10.0rc0
tensorflow-gpu	le	2.9.1