Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-29205

Опубликовано: 20 мая 2022
Источник: nvd
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1.* ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a nullptr value is passed to ParseDimensionValue for the py_value argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Версия до 2.6.4 (исключая)
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Версия от 2.7.0 (включая) до 2.7.2 (исключая)
cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 14%
0.00046
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-476

Связанные уязвимости

debian логотип

CVE-2022-29205

CVSS3: 5.5
debian
больше 3 лет назад

TensorFlow is an open source platform for machine learning. Prior to v ...

github логотип

GHSA-54ch-gjq5-4976

CVSS3: 5.5
github
больше 3 лет назад

Segfault due to missing support for quantized types

EPSS

Процентиль: 14%
0.00046
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-476