BIT-tensorflow-2022-23590
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/tensorflow/BIT-tensorflow-2022-23590.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-tensorflow-2022-23590
- Aliases
- Published
- 2024-03-06T11:14:48.854Z
- Modified
- 2025-05-20T10:02:07.006Z
- Summary
- Crash due to erroneous `StatusOr` in Tensorflow
- Details
-
Tensorflow is an Open Source Machine Learning Framework. A
GraphDeffrom a TensorFlowSavedModelcan be maliciously altered to cause a TensorFlow process to crash due to encountering aStatusOrvalue that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. - Database specific
{ "severity": "High", "cpes": [ "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*" ] }- References
-
- https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567
- https://github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278
- https://nvd.nist.gov/vuln/detail/CVE-2022-23590
Affected packages
Bitnami / tensorflow
Package
- Name
- tensorflow
- Purl
- pkg:bitnami/tensorflow
Severity
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator