
We found results for “”
CVE-2022-23594
Good to know:

Date: February 4, 2022
Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming "GraphDef" before converting it to the MLIR-based dialect. If an attacker changes the "SavedModel" format on disk to invalidate these assumptions and the "GraphDef" is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.
Language: C++
Severity Score
Related Resources (5)
Severity Score
Top Fix

Upgrade Version
Upgrade to version tensorflow-cpu - 2.7.1;tensorflow-gpu - 2.7.1;tensorflow - 2.7.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | LOCAL |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | PARTIAL |
Additional information: |