PT-2022-23043 · Google · Tensorflow
Hui Peng · Published 2022-09-16 · Updated 2024-03-06 · CVE-2022-35937
CVSS v3.1: 7.0 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.10.0
TensorFlow versions 2.9.1, 2.8.1, and 2.7.2 are also affected
Description
The GatherNd function in TensorFlow takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been reported by Hui Peng from Baidu Security.
Recommendations
For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later to resolve the issue.
For TensorFlow versions 2.9.1, 2.8.1, and 2.7.2, update to the respective cherrypicked versions to resolve the issue.
As a temporary workaround, consider restricting the use of the GatherNd function until a patch is available.
Exploit
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow