PT-2022-23040 · Google · Tensorflow

Kang Hong Jin · Published 2022-09-16 · Updated 2024-03-06 · CVE-2022-35934

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.10.0
TensorFlow versions 2.9.1 and earlier
TensorFlow versions 2.8.1 and earlier
TensorFlow versions 2.7.2 and earlier

Description

The implementation of the tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue can be exploited by passing a large shape to the tf.reshape function, causing the program to crash. The estimated number of potentially affected devices worldwide is not available. There are no known real-world incidents where this issue was exploited.

Recommendations

For TensorFlow versions prior to 2.10.0, update to TensorFlow 2.10.0 or later.
For TensorFlow versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later.
For TensorFlow versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later.
For TensorFlow versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later.
As a temporary workaround, consider avoiding the use of the tf.reshape function with large shapes until a patch is available.
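
Where the shape argument comes from untrusted input, the workaround can be enforced by checking the requested shape before it reaches tf.reshape. The sketch below is an added example, not code from TensorFlow or from this advisory; the helper names and the assumption that element counts must fit a signed 64-bit integer are assumptions of the example.

```python
from typing import List, Sequence

INT64_MAX = 2**63 - 1  # assumption: element counts are held in a signed 64-bit integer


class ShapeRejected(ValueError):
    """Raised when a requested shape must not be passed on to reshape."""


def checked_num_elements(shape: Sequence[int]) -> int:
    """Multiply the known dimensions, refusing any product that exceeds int64.

    A single -1 ("infer this dimension") is allowed and skipped.
    """
    if sum(1 for d in shape if d == -1) > 1:
        raise ShapeRejected("at most one dimension may be -1")
    total = 1
    for dim in shape:
        if isinstance(dim, bool) or not isinstance(dim, int):
            raise ShapeRejected(f"non-integer dimension: {dim!r}")
        if dim == -1:
            continue
        if dim < -1 or dim > INT64_MAX:
            raise ShapeRejected(f"dimension out of range: {dim}")
        # Division form of the bound check: it never forms the oversized
        # product, so the same test is safe in fixed-width languages too.
        if dim != 0 and total > INT64_MAX // dim:
            raise ShapeRejected("element count does not fit in int64")
        total *= dim
    return total


def validate_reshape(input_elements: int, shape: Sequence[int]) -> List[int]:
    """Return the fully resolved shape, or raise ShapeRejected."""
    known = checked_num_elements(shape)
    if -1 in shape:
        if known == 0 or input_elements % known != 0:
            raise ShapeRejected("cannot infer the -1 dimension")
        return [input_elements // known if d == -1 else d for d in shape]
    if known != input_elements:
        raise ShapeRejected(f"shape holds {known} elements, input has {input_elements}")
    return list(shape)
```

Call validate_reshape with the input tensor's element count and the requested shape, and pass only the returned shape to tf.reshape.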

Exploit

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2022-35934
CVE-2022-35934
GHSA-F4W6-H4F5-WX45
OPENSUSE-SU-2024:12355-1

Affected Products

Tensorflow