CVE-2022-23591

Опубликовано: 04 фев. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This would result in a stack overflow during execution as resolving each NodeDef means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Ссылки

https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

Версия до 2.5.2 (включая)

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

Версия от 2.6.0 (включая) до 2.6.2 (включая)

cpe:2.3:a:google:tensorflow:2.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00335

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-674

Связанные уязвимости

CVE-2022-23591

CVSS3: 7.5

debian

почти 4 года назад

Tensorflow is an Open Source Machine Learning Framework. The `GraphDef ...

GHSA-247x-2f9f-5wp7

CVSS3: 7.5

github

почти 4 года назад

Stack overflow in TensorFlow

EPSS

Процентиль: 56%

0.00335

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-674