
CVE-2022-23593
Good to know:

Date: February 4, 2022
TensorFlow is an open source machine learning framework. The "simplifyBroadcast" function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service) if called with scalar shapes. If all shapes are scalar, then "maxRank" is 0, so we build an empty "SmallVector". The fix will be included in TensorFlow 2.8.0. This is the only affected version.
Language: C++
Severity Score
Weakness Type (CWE)
Improper Check for Unusual or Exceptional Conditions
CWE-754

Top Fix

Upgrade Version
Upgrade to version tensorflow - 2.8.0; tensorflow-gpu - 2.8.0; tensorflow-cpu - 2.8.0
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |
CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | PARTIAL |
Additional information: |