CVE-2022-23569

Опубликовано: 03 фев. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Ссылки

https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

Версия до 2.5.2 (включая)

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

Версия от 2.6.0 (включая) до 2.6.2 (включая)

cpe:2.3:a:google:tensorflow:2.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00118

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-617

Связанные уязвимости

CVE-2022-23569

CVSS3: 6.5

debian

около 4 лет назад

Tensorflow is an Open Source Machine Learning Framework. Multiple oper ...

GHSA-qj5r-f9mv-rffh

CVSS3: 6.5

github

почти 4 года назад

`CHECK`-fails when building invalid tensor shapes in Tensorflow

EPSS

Процентиль: 31%

0.00118

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-617