PT-2022-16097 · Google · Tensorflow

Mihaimaruseac · Published 2022-02-04 · Updated 2024-03-06 · CVE-2022-23580

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.8.0
TensorFlow versions 2.7.1 and earlier
TensorFlow versions 2.6.3 and earlier
TensorFlow versions 2.5.3 and earlier

Description

During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The issue arises from the allocation of a vector based on the num dims value, which is controlled by the user through a tensor. This can lead to potential security issues.

Recommendations

For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later.
For versions prior to 2.7.1, update to TensorFlow 2.7.1 or later.
For versions prior to 2.6.3, update to TensorFlow 2.6.3 or later.
For versions prior to 2.5.3, update to TensorFlow 2.5.3 or later.

As a temporary workaround, consider restricting the input values to prevent large vector allocations until a patch is applied.
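
The input restriction recommended above, as an added example that is not TensorFlow's own code: the rank value read from an untrusted tensor is validated before it is used as a vector size. InputTensor, DimsResult, InferDims and the kMaxRank limit are hypothetical names and values assumed for this sketch.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Assumed upper bound on tensor rank for this example (not taken from the advisory).
constexpr int64_t kMaxRank = 254;

// Hypothetical stand-in for a caller-supplied tensor that carries the rank value.
struct InputTensor {
  std::vector<int64_t> values;
};

struct DimsResult {
  bool ok;
  std::string error;
  std::vector<int64_t> dims;  // -1 marks a dimension whose size is not yet known
};

// Unchecked pattern described in the advisory (kept as a comment only):
//   std::vector<int64_t> dims(t.values[0]);  // size taken straight from input
//
// Checked version: every property of the untrusted value is validated first,
// so the allocation size can never exceed kMaxRank elements.
DimsResult InferDims(const InputTensor& t) {
  if (t.values.size() != 1)
    return {false, "rank tensor must hold exactly one element", {}};
  const int64_t num_dims = t.values[0];
  if (num_dims < 0)
    return {false, "num_dims must be non-negative", {}};
  if (num_dims > kMaxRank)
    return {false, "num_dims exceeds the allowed rank", {}};
  return {true, "", std::vector<int64_t>(static_cast<size_t>(num_dims), -1)};
}

int main() {
  // Constructed sample inputs: a normal rank, a negative value, an oversized value.
  const InputTensor samples[] = {{{3}}, {{-1}}, {{int64_t{1} << 40}}};
  for (const InputTensor& s : samples) {
    const DimsResult r = InferDims(s);
    if (r.ok)
      std::cout << "accepted, rank " << r.dims.size() << "\n";
    else
      std::cout << "rejected: " << r.error << "\n";
  }
  return 0;
}
```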

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2022-23580
CVE-2022-23580
GHSA-627Q-G293-49Q7
OPENSUSE-SU-2024:12116-1
PYSEC-2022-144
PYSEC-2022-89

Affected Products

Tensorflow