CVE-2022-23567

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier

Description The implementations of Sparse*Cwise* ops in TensorFlow are vulnerable to integer overflows. These can be used to trigger large allocations, resulting in OOM-based denial of service, or CHECK-fails when building new TensorShape objects, leading to assert failures-based denial of service. The issue arises from missing validation on the shapes of the input tensors and directly constructing a large TensorShape with user-provided dimensions.

Recommendations For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later. For versions 2.5.3 and earlier, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider disabling the Sparse*Cwise* ops until a patch is available. Restrict access to the TensorShape constructor to minimize the risk of exploitation. Avoid using user-provided dimensions when constructing a TensorShape object until the issue is resolved.