tensorflow is vulnerable to denial of service. The vulnerability exists because the output_shape.AddDim
function of avgpooling_op.cc
does not properly validate the input for orig_input_shape
, allowing an attacker to crash the application through the check failure.
github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f
github.com/tensorflow/tensorflow/commit/86106fa653ade0dba77ff2029a3f3ffaeb8b8fbd
github.com/tensorflow/tensorflow/commit/e2c448fddfde7820dd530e84edf8152acb77efdc
github.com/tensorflow/tensorflow/commit/f322d33ed26f78b0ba242c90cf00d047e253c072
github.com/tensorflow/tensorflow/pull/57259
github.com/tensorflow/tensorflow/pull/57260
github.com/tensorflow/tensorflow/pull/57261
github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25