PT-2022-23046 · Google · Tensorflow
Jingyi Shi · Published 2022-09-16 · Updated 2024-03-06 · CVE-2022-35940
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.10.0
TensorFlow versions 2.9.1, 2.8.1, and 2.7.2
Description
The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also throws an abort signal that crashes the program.
Recommendations
For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later.
For TensorFlow versions 2.9.1, 2.8.1, and 2.7.2, cherrypick the commit 37cefa91bee4eace55715eeef43720b958a01192 to resolve the issue.
As a temporary workaround, consider avoiding the use of very large float values for the limits argument in the RaggedRangOp function until a patch is available.
Exploit
Fix
Integer Overflow
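The range check that the description and workaround imply, as an added C++ example (not TensorFlow's code and not the referenced commit): the element count is validated in floating point before any cast to int64. CheckedRangeSize, CheckedTotalSize and kInvalidSize are hypothetical names; only float inputs are covered, and the per-row sum check goes one step beyond what the page describes.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Hypothetical helpers for illustration; these names are not TensorFlow APIs.
constexpr int64_t kInvalidSize = -1;  // sentinel: size not representable

// Element count of range(start, limit, delta), or kInvalidSize when it cannot
// be held in a non-negative int64 shape dimension.
int64_t CheckedRangeSize(double start, double limit, double delta) {
  if (!std::isfinite(start) || !std::isfinite(limit) ||
      !std::isfinite(delta) || delta == 0.0) return kInvalidSize;
  if ((delta > 0 && limit <= start) || (delta < 0 && limit >= start)) return 0;
  // Stay in floating point until the value is known to fit.
  const double n = std::ceil(std::fabs((limit - start) / delta));
  // 2^63 is exact as a double; converting a value at or above it to int64_t
  // is undefined behaviour. The negated test also rejects inf.
  constexpr double kTwoPow63 = 9223372036854775808.0;
  if (!(n < kTwoPow63)) return kInvalidSize;
  return static_cast<int64_t>(n);
}

// Total element count over all rows; the running sum is checked too, since
// per-row sizes that each fit can still overflow when added.
int64_t CheckedTotalSize(const std::vector<double>& starts,
                         const std::vector<double>& limits,
                         const std::vector<double>& deltas) {
  if (starts.size() != limits.size() || starts.size() != deltas.size())
    return kInvalidSize;
  int64_t total = 0;
  for (size_t i = 0; i < starts.size(); ++i) {
    const int64_t n = CheckedRangeSize(starts[i], limits[i], deltas[i]);
    if (n == kInvalidSize) return kInvalidSize;
    if (n > std::numeric_limits<int64_t>::max() - total) return kInvalidSize;
    total += n;
  }
  return total;
}

int main() {
  // Constructed inputs: ordinary rows, then a row with a very large limit.
  std::printf("%lld\n", (long long)CheckedTotalSize({0, 0}, {3, 4}, {1, 1}));
  std::printf("%lld\n", (long long)CheckedTotalSize({0, 0}, {3, 1e37}, {1, 1}));
  return 0;
}
```

A caller that receives kInvalidSize should reject the request with an ordinary error before any shape is built.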
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow