PT-2022-16109 · Google · Tensorflow

Mihaimaruseac · Published 2022-02-04 · Updated 2024-03-06 · CVE-2022-23592

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow releases prior to 2.8.0; the fix is included in TensorFlow 2.8.0.

Description
The type inference code in TensorFlow can cause a heap out-of-bounds read because its only bounds check is performed inside a DCHECK, and DCHECK is compiled out of production (release) builds, so the check never runs. An attacker who can supply a crafted graph or model controls the values in the input_idx variable; an index ix that is larger than the number of entries in node_t.args is then used to read past the end of that array.

Recommendations
Update to TensorFlow 2.8.0, the first release that includes the fix. Until the update is applied, treat everything that reaches type inference as untrusted: load graphs and models only from trusted sources, so that an attacker cannot supply the crafted index values that trigger the out-of-bounds read.
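The defect class named in the description, shown as an added illustration written for this page rather than taken from TensorFlow's source: the FullTypeDef and Status types, the node_t and input_idx names, the two Select* functions and the sample node type are all simplified stand-ins. The first function keeps its only bounds check inside a DCHECK, so in a release build (NDEBUG) an attacker-controlled index reads past the end of the args vector; the second replaces it with a runtime check that returns an error status before any memory is touched, which is the check that has to survive into production.

```cpp
// Added illustrative model of the bug class behind CVE-2022-23592.
// This is NOT TensorFlow's source: FullTypeDef, Status, node_t, input_idx,
// both Select* functions and the sample data are stand-ins written for this page.
#include <cassert>
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// TensorFlow's DCHECK is compiled out of release builds (NDEBUG), so a bounds
// check that exists only inside a DCHECK performs no check in production.
#ifdef NDEBUG
#define DCHECK_LT(a, b) \
  do {                  \
  } while (0)
#else
#define DCHECK_LT(a, b) assert((a) < (b))
#endif

// Stand-in for a full type definition whose nested types live in `args`.
struct FullTypeDef {
  std::string type_id;
  std::vector<FullTypeDef> args;
};

// Minimal status type: OK, or INVALID_ARGUMENT with a message.
struct Status {
  bool ok;
  std::string message;
  static Status OK() { return {true, ""}; }
  static Status InvalidArgument(std::string msg) { return {false, std::move(msg)}; }
};

// Vulnerable pattern: the only bounds check is a DCHECK, after which the index
// is used directly. With DCHECK compiled out, an attacker-controlled entry of
// input_idx that is >= node_t.args.size() indexes past the end of the vector's
// heap buffer (heap out-of-bounds read). Kept only to show the shape of the
// defect; never feed it an out-of-range index.
Status SelectArgsUnchecked(const FullTypeDef& node_t,
                           const std::vector<int>& input_idx,
                           std::vector<FullTypeDef>* out) {
  for (int ix : input_idx) {
    DCHECK_LT(static_cast<size_t>(ix), node_t.args.size());  // no-op in release
    out->push_back(node_t.args[ix]);
  }
  return Status::OK();
}

// Hardened pattern: a real runtime branch rejects the input with an error
// status instead of touching memory. Negative indexes are rejected explicitly
// rather than relying on the size_t cast to wrap them into a large value.
Status SelectArgsChecked(const FullTypeDef& node_t,
                         const std::vector<int>& input_idx,
                         std::vector<FullTypeDef>* out) {
  for (int ix : input_idx) {
    if (ix < 0 || static_cast<size_t>(ix) >= node_t.args.size()) {
      return Status::InvalidArgument(
          "requested arg " + std::to_string(ix) + " but node has only " +
          std::to_string(node_t.args.size()) + " args");
    }
    out->push_back(node_t.args[ix]);
  }
  return Status::OK();
}

// Constructed sample (not from a real model): a node type with two arg types.
FullTypeDef SampleNodeType() {
  return FullTypeDef{"TFT_PRODUCT",
                     {FullTypeDef{"TFT_TENSOR", {}}, FullTypeDef{"TFT_DATASET", {}}}};
}

// Number of args the hardened path selected, or 0 when it rejected the input.
size_t CheckedSelectCount(const std::vector<int>& input_idx) {
  std::vector<FullTypeDef> out;
  Status s = SelectArgsChecked(SampleNodeType(), input_idx, &out);
  return s.ok ? out.size() : 0;
}

int main() {
  std::vector<FullTypeDef> out;
  Status bad = SelectArgsChecked(SampleNodeType(), {0, 5}, &out);  // 5 is out of range
  std::cout << "checked path: " << (bad.ok ? "accepted" : bad.message) << "\n";
  std::cout << "in-range selection count: " << CheckedSelectCount({1, 0}) << "\n";
  return 0;
}
```

The unchecked function is the pattern to grep for in review: any index derived from serialized input whose only guard is a DCHECK (or CHECK-family macro that is stripped in release) is a production bounds-check gap, regardless of how the debug build behaves.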

Weakness Enumeration

Out-of-bounds Read (CWE-125)

Related Identifiers

BIT-TENSORFLOW-2022-23592
CVE-2022-23592
GHSA-VQ36-27G6-P492
PYSEC-2022-101
PYSEC-2022-156

Affected Products

Tensorflow