CVE-2022-35991

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier

Description TensorFlow is an open source platform for machine learning. When TensorListScatter and TensorListScatterV2 receive an element shape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack.

Recommendations For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of TensorListScatter and TensorListScatterV2 with an element shape of a rank greater than one until a patch is available.