PYSEC-2022-156

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-gpu/PYSEC-2022-156.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2022-156

Aliases

Published

2022-02-04T23:15:00Z

Modified

2023-12-06T01:02:01.658258Z

Summary

[none]

Details

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK (which is a no-op during production). An attacker can control the input_idx variable such that ix would be larger than the number of values in node_t.args. The fix will be included in TensorFlow 2.8.0. This is the only affected version.

References

Affected packages

PyPI / tensorflow-gpu

Package

Name: tensorflow-gpu; View open source insights on deps.dev
Purl: pkg:pypi/tensorflow-gpu

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c99d98cd189839dcf51aee94e7437b54b31f8abd

Type: ECOSYSTEM
Events: Introduced

2.7.0

Fixed

2.8.0

Affected versions

2.*

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.8.0rc0

2.8.0rc1