Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2022-23563
Good to know:
Date: February 4, 2022
Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses "tempfile.mktemp" to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in "mktemp" and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the "mktemp" function usage. We have patched the issue in several commits, replacing "mktemp" with the safer "mkstemp"/"mkdtemp" functions, according to the usage pattern. Users are advised to upgrade as soon as possible.
Language: C++
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Top Fix
Upgrade Version
Upgrade to version tensorflow - 2.7.1;tensorflow - 2.6.3;tensorflow - 2.5.3;tensorflow-gpu - 2.6.3;tensorflow-gpu - 2.7.1;tensorflow-gpu - 2.5.3;tensorflow-cpu - 2.6.3;tensorflow-cpu - 2.7.1;tensorflow-cpu - 2.5.3
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | NONE |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | LOCAL |
| Access Complexity (AC): | MEDIUM |
| Authentication (AU): | NONE |
| Confidentiality (C): | PARTIAL |
| Integrity (I): | PARTIAL |
| Availability (A): | NONE |
| Additional information: |