CVE-2022-23591

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier

Description The GraphDef format in TensorFlow does not allow self recursive functions. However, a GraphDef containing a self recursive function fragment can be consumed when loading a SavedModel, resulting in a stack overflow during execution. This occurs because resolving each NodeDef means resolving the function itself and its nodes.

Recommendations For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later. For versions 2.5.3 and earlier, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider avoiding the use of self recursive functions in GraphDef until a patch is available.