icon

We found results for “

CVE-2022-23594

Good to know:

icon

Date: February 4, 2022

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming "GraphDef" before converting it to the MLIR-based dialect. If an attacker changes the "SavedModel" format on disk to invalidate these assumptions and the "GraphDef" is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.

Language: C++

Severity Score

Severity Score

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Out-of-bounds Write

CWE-787

Top Fix

icon

Upgrade Version

Upgrade to version tensorflow-cpu - 2.7.1;tensorflow-gpu - 2.7.1;tensorflow - 2.7.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us