Lucene search
Veracode Vulnerability DatabaseVERACODE:38156HistoryNov 22, 2022 - 10:12 a.m.
Denial Of Service (DoS)
2022-11-2210:12:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
37.0%
Tensorflow is vulnerable to denial of service. The vulnerability exists because the input size of BCast::ToShape is not properly handled which allows an attacker to crash the application by sending inputs larger than int32.
References
github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h
github.com/tensorflow/tensorflow/commit/4da5db22b5a3dc57f34c957cd1ea7e665bc0f8ce
github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5
github.com/tensorflow/tensorflow/commit/8b10d7f2502c2ae543cb38012a9b0f8ae072d347
github.com/tensorflow/tensorflow/commit/e4df861d9a19764008690c4689d640eee2af2557
github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475
Related
cve
cve
CVE-2022-41890
2022-11-18 22:15:16
osv
osv
`CHECK` fail in `BCast` overflow
2022-11-21 20:42:10
BIT-tensorflow-2022-41890
2024-03-06 11:11:11
CVE-2022-41890
2022-11-18 22:15:16
cnvd
cnvd
Google TensorFlow buffer overflow vulnerability (CNVD-2022-80683)
2022-11-23 00:00:00
nessus
nessus
CBL Mariner 2.0 Security Update: tensorflow (CVE-2022-41890)
2023-03-20 00:00:00
TensorFlow < 2.9.3 Multiple Vulnerabilities
2024-05-24 00:00:00
TensorFlow < 2.10.1 Multiple Vulnerabilities
2024-05-20 00:00:00
nvd
nvd
CVE-2022-41890
2022-11-18 22:15:16
prion
prion
Design/Logic Flaw
2022-11-18 22:15:00
cvelist
cvelist
CVE-2022-41890 `CHECK` fail in `BCast` overflow in Tensorflow
2022-11-18 00:00:00
github
github
`CHECK` fail in `BCast` overflow
2022-11-21 20:42:10
cbl_mariner
cbl_mariner
CVE-2022-41890 affecting package tensorflow for versions less than 2.11.0-1
2022-12-09 20:03:11
