PT-2022-19464 · Google · Tensorflow

Published 2022-05-20 · Updated 2024-03-06 · CVE-2022-29211

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.9.0
TensorFlow versions prior to 2.8.1
TensorFlow versions prior to 2.7.2
TensorFlow versions prior to 2.6.4

Description

The implementation of tf.histogram_fixed_width is vulnerable to a crash when the values array contains Not a Number (NaN) elements. This occurs because the implementation assumes all floating point operations are defined and then converts a floating point result to an integer index. If values contains NaN, the result of the division is still NaN and the cast to int32 would result in a crash. This issue only affects the CPU implementation.

Recommendations

For versions prior to 2.9.0, update to version 2.9.0 or later.
For versions prior to 2.8.1, update to version 2.8.1 or later.
For versions prior to 2.7.2, update to version 2.7.2 or later.
For versions prior to 2.6.4, update to version 2.6.4 or later.

As a temporary workaround, consider avoiding the use of tf.histogram_fixed_width with arrays containing NaN elements until a patch is applied.
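
The failure mode described above, as an added example that is not TensorFlow's code and not part of the original advisory: a simplified C++ model of fixed-width bucketing that rejects NaN before the float-to-integer cast and clamps out-of-range values first. The function names `bucket_index` and `histogram_fixed_width_checked` and the sample inputs are hypothetical.

```cpp
// Added example: simplified model of fixed-width bucketing, not TensorFlow source.
// Function names and sample inputs are hypothetical.
#include <algorithm>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <vector>

// Map one value to a bin in [0, nbins), or return -1 for NaN. NaN divided by the
// bin width is still NaN, and casting NaN to an integer is undefined behaviour.
int32_t bucket_index(double v, double lo, double hi, int32_t nbins) {
    if (std::isnan(v)) return -1;
    if (v <= lo) return 0;          // clamp before the cast, so -inf is safe
    if (v >= hi) return nbins - 1;  // likewise +inf and other large values
    const double step = (hi - lo) / nbins;
    const int32_t idx = static_cast<int32_t>((v - lo) / step);
    return std::min(idx, nbins - 1);  // rounding guard at the top edge
}

// Fill *out with per-bin counts. Fails closed (returns false, *out untouched)
// on a bad range or any NaN element instead of indexing with a garbage value.
bool histogram_fixed_width_checked(const std::vector<double>& values, double lo,
                                   double hi, int32_t nbins,
                                   std::vector<int32_t>* out) {
    // The range must be ordered and its width finite, so the division is defined.
    if (nbins <= 0 || !(lo < hi) || !std::isfinite(hi - lo)) return false;
    std::vector<int32_t> counts(nbins, 0);
    for (double v : values) {
        const int32_t idx = bucket_index(v, lo, hi, nbins);
        if (idx < 0) return false;  // reject the whole input
        ++counts[idx];
    }
    *out = counts;
    return true;
}

int main() {
    // Constructed sample inputs: one clean array, one containing NaN.
    const std::vector<double> clean = {-1.0, 0.0, 1.5, 2.0, 5.0, 15.0};
    const std::vector<double> dirty = {0.5, std::nan(""), 2.0};
    std::vector<int32_t> hist;
    if (histogram_fixed_width_checked(clean, 0.0, 5.0, 5, &hist))
        for (int32_t c : hist) std::printf("%d ", static_cast<int>(c));
    const bool ok = histogram_fixed_width_checked(dirty, 0.0, 5.0, 5, &hist);
    std::printf("\nNaN input accepted: %s\n", ok ? "yes" : "no");
    return 0;
}
```

The same pre-check applies to the workaround on unpatched versions: validate that the input holds no NaN before it reaches the histogram op.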

Related Identifiers

BIT-TENSORFLOW-2022-29211
CVE-2022-29211
GHSA-XRP2-FHQ4-4Q3W

Affected Products

Tensorflow