BIT-tensorflow-2022-23571

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tensorflow/BIT-tensorflow-2022-23571.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-tensorflow-2022-23571

Aliases

Published

2024-03-06T11:15:13.953Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

References

Affected packages

Bitnami / tensorflow

Package

Name: tensorflow
Purl: pkg:bitnami/tensorflow

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.2

Introduced

2.6.0

Fixed

2.6.2

Type: SEMVER
Events: Introduced

2.7.0

Last affected

2.7.0