PYSEC-2022-102

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2022-102.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2022-102
Aliases
Published
2022-02-04T23:15:00Z
Modified
2023-12-06T01:02:01.723228Z
Summary
[none]
Details

TensorFlow is an open source machine learning framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (and hence denial of service) if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector. The fix will be included in TensorFlow 2.8.0. This is the only affected version.

References

Affected packages

PyPI / tensorflow-cpu

Package

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Introduced
0 (Unknown introduced commit / All previous commits are affected)
Fixed
Type
ECOSYSTEM
Events
Introduced
2.7.0
Fixed
2.8.0

Affected versions

2.*

2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.8.0rc0
2.8.0rc1