CVE-2022-41884

Опубликовано: 18 нояб. 2022

Источник: nvd

CVSS3: 4.8

CVSS3: 7.5

EPSS Низкий

Описание

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Ссылки

https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636
Exploit
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

Версия до 2.8.4 (исключая)

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

Версия от 2.9.0 (включая) до 2.9.3 (исключая)

cpe:2.3:a:google:tensorflow:2.10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00171

Низкий

4.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-670

Связанные уязвимости

CVE-2022-41884

CVSS3: 7.5

msrc

около 3 лет назад

Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow

CVE-2022-41884

CVSS3: 4.8

debian

около 3 лет назад

TensorFlow is an open source platform for machine learning. If a numpy ...

GHSA-jq6x-99hj-q636

CVSS3: 4.8

github

около 3 лет назад

Seg fault in `ndarray_tensor_bridge` due to zero and large inputs

EPSS

Процентиль: 39%

0.00171

Низкий

4.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-670