CVE-2022-24294

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24294

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24294.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24294

Aliases

Published

2022-07-24T18:15:09Z

Modified

2025-01-14T10:49:59.895811Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1.

References

Affected packages

Git / github.com/apache/incubator-mxnet

Affected ranges

Type: GIT
Repo: https://github.com/apache/incubator-mxnet
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3f8f3be9987e259491ddc5a78aa9c6903e0b21e3

Affected versions

1.*

1.9.0

1.9.0.rc0

1.9.0.rc1

1.9.0.rc2

1.9.0.rc3

1.9.0.rc4

1.9.0.rc5

1.9.0.rc6

1.9.0.rc7

1.9.0.rc8

v0.*

v0.10.0

v0.7.0

v0.8.0

v0.9.1

v0.9.2

v0.9.3

v0.9.5