CVE-2022-23586

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier

Description A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter.

Recommendations For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions prior to 2.7.1, update to TensorFlow 2.7.1 or later. For versions prior to 2.6.3, update to TensorFlow 2.6.3 or later. For versions prior to 2.5.3, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider disabling the use of SavedModel until a patch is available.

Exploit

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

BIT-TENSORFLOW-2022-23586

CVE-2022-23586

GHSA-43JF-985Q-588J

OPENSUSE-SU-2024:12116-1

PYSEC-2022-150

PYSEC-2022-95

Affected Products

Tensorflow

CVE-2022-23586

Weakness Enumeration

Related Identifiers

Affected Products

References · 15