CVE-2022-23572

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier

Description TensorFlow can fail to specialize a type during shape inference. This issue is covered by the DCHECK function, which is a no-op in production builds and an assertion failure in debug builds. As a result, execution proceeds to the ValueOrDie line, causing an assertion failure because ret contains an error Status, not a value. In debug builds, this also results in a crash due to the assertion failure.

Recommendations For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later.

Exploit

Fix

Improper Check for Exceptional Conditions

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754CWE-617

Related Identifiers

BIT-TENSORFLOW-2022-23572

CVE-2022-23572

GHSA-RWW7-2GPW-FV6J

OPENSUSE-SU-2024:12116-1

PYSEC-2022-136

PYSEC-2022-81

Affected Products

Tensorflow

CVE-2022-23572

Weakness Enumeration

Related Identifiers

Affected Products

References · 14