PT-2022-23090 · Google · Tensorflow

刘力源 · Published 2022-09-16 · Updated 2024-03-06 · CVE-2022-35992

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.10.0. TensorFlow versions 2.9.1, 2.8.1, and 2.7.2 are also affected.

Description

The issue occurs when TensorListFromTensor receives an element shape of a rank greater than one, resulting in a CHECK fail that can trigger a denial of service attack. There are no known workarounds for this issue.

Recommendations

For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later to resolve the issue. For TensorFlow versions 2.9.1, 2.8.1, and 2.7.2, update to the respective cherry-picked versions to resolve the issue. As a temporary workaround, consider avoiding the use of TensorListFromTensor with an element shape of a rank greater than one until a patch is available.

Exploit

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2022-35992
CVE-2022-35992
GHSA-9V8W-XMR4-WGXP
OPENSUSE-SU-2024:12355-1

Affected Products

Tensorflow