Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2022-23593
Good to know:
Date: February 4, 2022
Tensorflow is an Open Source Machine Learning Framework. The "simplifyBroadcast" function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then "maxRank" is 0, so we build an empty "SmallVector". The fix will be included in TensorFlow 2.8.0. This is the only affected version.
Language: C++
Severity Score
Related Resources (8)
Severity Score
Weakness Type (CWE)
Improper Check for Unusual or Exceptional Conditions
CWE-754Top Fix
Upgrade Version
Upgrade to version tensorflow - 2.8.0;tensorflow-gpu - 2.8.0;tensorflow-cpu - 2.8.0
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | LOW |
| Authentication (AU): | NONE |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | PARTIAL |
| Additional information: |