tensorflow is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to an integer overflow in the EditDistance
function when the hypothesis_shape
perimeter is empty causing the application to crash.
CPE | Name | Operator | Version |
---|---|---|---|
tensorflow | le | 2.11.0 | |
tensorflow-cpu | le | 2.11.0 | |
tensorflow-gpu | le | 2.11.0 | |
tensorflow | le | 2.11.0 | |
tensorflow-cpu | le | 2.11.0 | |
tensorflow-gpu | le | 2.11.0 |
github.com/advisories/GHSA-7jvm-xxmr-v5cw
github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c
github.com/tensorflow/tensorflow/commit/b70838833b2a29dbf4ef47f904042950b44acec5
github.com/tensorflow/tensorflow/pull/59553
github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw