PT-2022-23103 · Google · Tensorflow
刘力源
·
Published
2022-09-16
·
Updated
2024-03-06
·
CVE-2022-36004
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.10.0
TensorFlow versions 2.9.1 and earlier
TensorFlow versions 2.8.1 and earlier
TensorFlow versions 2.7.2 and earlier
Description
The issue occurs when
tf.random.gamma receives large input shape and rates, resulting in a CHECK fail that can trigger a denial of service attack. This can happen when the function is called with specific arguments, such as large shapes and rates. There are no known workarounds for this issue.Recommendations
For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later to resolve the issue.
For TensorFlow versions 2.9.1 and earlier, update to version 2.9.1 or later to resolve the issue.
For TensorFlow versions 2.8.1 and earlier, update to version 2.8.1 or later to resolve the issue.
For TensorFlow versions 2.7.2 and earlier, update to version 2.7.2 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of
tf.random.gamma with large input shapes and rates until a patch is available.Exploit
Fix
Assertion Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow