CVE-2022-35998

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier

Description The issue arises when EmptyTensorList receives an input element shape with more than one dimension, resulting in a CHECK fail that can be used to trigger a denial of service attack. This can be exploited by providing a specially crafted input to the tf.raw ops.EmptyTensorList function, such as element shape=tf.ones(dtype=tf.int32, shape=[1, 0]).

Recommendations For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of tf.raw ops.EmptyTensorList with element shape having more than one dimension until a patch is available.