exploitDog

GHSA-pf36-r9c6-h97j

Опубликовано: 21 нояб. 2022

Источник: github

Github: Прошло ревью

CVSS3: 4.8

Описание

Invalid char to bool conversion when printing a tensor

Impact

When printing a tensor, we get it's data as a const char* array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash.

Patches

We have patched the issue in GitHub commit 1be743703279782a357adbf9b77dcb994fe8b508.

The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability was discovered via internal fuzzing.

Ссылки

Пакеты

Наименование

tensorflow

pip

Затронутые версииВерсия исправления

< 2.8.4

2.8.4

Наименование

tensorflow-cpu

pip

Затронутые версииВерсия исправления

>= 2.9.0, < 2.9.3

2.9.3

Наименование

tensorflow-gpu

pip

Затронутые версииВерсия исправления

>= 2.10.0, < 2.10.1

2.10.1

Наименование

tensorflow

pip

Затронутые версииВерсия исправления

>= 2.9.0, < 2.9.3

2.9.3

Наименование

tensorflow

pip

Затронутые версииВерсия исправления

>= 2.10.0, < 2.10.1

2.10.1

Наименование

tensorflow-cpu

pip

Затронутые версииВерсия исправления

< 2.8.4

2.8.4

Наименование

tensorflow-gpu

pip

Затронутые версииВерсия исправления

< 2.8.4

2.8.4

Наименование

tensorflow-gpu

pip

Затронутые версииВерсия исправления

>= 2.9.0, < 2.9.3

2.9.3

Наименование

tensorflow-cpu

pip

Затронутые версииВерсия исправления

>= 2.10.0, < 2.10.1

2.10.1

EPSS

Процентиль: 34%

0.00134

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-704

Связанные уязвимости

CVE-2022-41911

CVSS3: 4.8

nvd

около 3 лет назад

TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

CVE-2022-41911

CVSS3: 7.5

msrc

около 3 лет назад

Invalid char to bool conversion when printing a tensor in Tensorflow

CVE-2022-41911

CVSS3: 4.8

debian

около 3 лет назад

TensorFlow is an open source platform for machine learning. When print ...

EPSS

Процентиль: 34%

0.00134

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-704