CVE-2022-23593
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-23593
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23593.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-23593
- Aliases
- Published
- 2022-02-04T22:32:08Z
- Modified
- 2025-11-04T19:33:41Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Segfault in `simplifyBroadcast` in Tensorflow
- Details
-
Tensorflow is an Open Source Machine Learning Framework. The
simplifyBroadcastfunction in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, thenmaxRankis 0, so we build an emptySmallVector. The fix will be included in TensorFlow 2.8.0. This is the only affected version. - Database specific
{ "cwe_ids": [ "CWE-754" ] }- References
-
- https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205
- https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2