CVE-2022-23592

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23592

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23592.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23592

Aliases

Published

2022-02-04T22:32:14Z

Modified

2025-10-22T18:43:09.770325Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

Out of bounds read in Tensorflow

Details

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK (which is a no-op during production). An attacker can control the input_idx variable such that ix would be larger than the number of values in node_t.args. The fix will be included in TensorFlow 2.8.0. This is the only affected version.

Database specific

{
    "cwe_ids": [
        "CWE-125"
    ]
}

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c99d98cd189839dcf51aee94e7437b54b31f8abd

Affected versions

0.*

0.12.0-rc0

0.12.0-rc1

0.12.1

0.5.0

0.6.0

v0.*

v0.10.0

v0.10.0rc0

v0.11.0

v0.11.0rc0

v0.11.0rc1

v0.11.0rc2

v0.12.0

v0.7.0

v0.7.1

v0.8.0rc0

v0.9.0

v0.9.0rc0

v1.*

v1.0.0

v1.0.0-alpha

v1.0.0-rc0

v1.0.0-rc1

v1.0.0-rc2

v1.1.0

v1.1.0-rc0

v1.1.0-rc1

v1.1.0-rc2

v1.12.0

v1.12.0-rc0

v1.12.0-rc1

v1.12.0-rc2

v1.12.1

v1.2.0

v1.2.0-rc0

v1.2.0-rc1

v1.2.0-rc2

v1.3.0-rc0

v1.3.0-rc1

v1.5.0

v1.5.0-rc0

v1.5.0-rc1

v1.6.0

v1.6.0-rc0

v1.6.0-rc1

v1.7.0

v1.7.0-rc0

v1.7.0-rc1

v1.8.0

v1.8.0-rc0

v1.8.0-rc1

v1.9.0

v1.9.0-rc0

v1.9.0-rc1

v1.9.0-rc2

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd",
        "id": "CVE-2022-23592-390d04c3",
        "deprecated": false,
        "target": {
            "file": "tensorflow/core/graph/graph.cc"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "136651980621224309214062973178986216571",
                "315342723120849409558061145063358964265",
                "278934803457203388621311444072048361556",
                "250291118351502504129999968134957631312",
                "2264576344377463300726046103558255457",
                "332267417778269824759097762631808357996",
                "72481936810125389658479841137545332434"
            ]
        }
    },
    {
        "source": "https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd",
        "id": "CVE-2022-23592-65cb5a3a",
        "deprecated": false,
        "target": {
            "function": "Node::RunForwardTypeInference",
            "file": "tensorflow/core/graph/graph.cc"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "length": 1581.0,
            "function_hash": "199817465963297102726003794640360933190"
        }
    }
]