Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2022-23594
Good to know:
Date: February 4, 2022
Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming "GraphDef" before converting it to the MLIR-based dialect. If an attacker changes the "SavedModel" format on disk to invalidate these assumptions and the "GraphDef" is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.
Language: C++
Severity Score
Related Resources (5)
Severity Score
Top Fix
Upgrade Version
Upgrade to version tensorflow-cpu - 2.7.1;tensorflow-gpu - 2.7.1;tensorflow - 2.7.1
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | CHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | LOCAL |
| Access Complexity (AC): | LOW |
| Authentication (AU): | NONE |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | PARTIAL |
| Additional information: |