BIT-tensorflow-2022-23593
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/tensorflow/BIT-tensorflow-2022-23593.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-tensorflow-2022-23593
- Aliases
- Published
- 2024-03-06T11:14:45.142Z
- Modified
- 2025-04-03T14:40:37.652Z
- Summary
- [none]
- Details
-
Tensorflow is an Open Source Machine Learning Framework. The
simplifyBroadcastfunction in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, thenmaxRankis 0, so we build an emptySmallVector. The fix will be included in TensorFlow 2.8.0. This is the only affected version. - Database specific
{ "cpes": [ "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*" ], "severity": "High" }- References
-
- https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205
- https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2
- https://nvd.nist.gov/vuln/detail/CVE-2022-23593
Affected packages
Bitnami / tensorflow
Package
- Name
- tensorflow
- Purl
- pkg:bitnami/tensorflow
Severity
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator