PT-2022-23115 · Google · Tensorflow

Pak-Laura · Published 2022-09-16 · Updated 2024-03-06 · CVE-2022-36015

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.10.0. Within the release lines that were still supported when the advisory was published, the affected versions are 2.9.x prior to 2.9.1, 2.8.x prior to 2.8.1, and 2.7.x prior to 2.7.2; those three lines received backports of the fix.

Description

The Range operation (tf.range / tf.raw_ops.Range) derives its output element count in the helper RangeSize from the start, limit and delta operands. Before the fix, that count was computed in the operand's numeric type and cast to int64_t without checking that it fit; when (limit - start) / delta lies outside the int64_t range, the conversion produces an invalid size and the process crashes. The impact is a denial of service of the process hosting TensorFlow (CVSS C:N/I:N/A:H). Attack complexity is rated high because the attacker must be able to supply the operands of a Range op, for example through a model or input tensor under their control. An estimate of the number of potentially affected deployments is not available, and there are no known real-world incidents in which this issue was exploited.

Recommendations

Update to a release that contains the fix: 2.10.0 or later, or, for the maintained 2.9, 2.8 and 2.7 lines, 2.9.1, 2.8.1 and 2.7.2 respectively. The upstream advisory lists no workaround. If an update cannot be applied immediately, the only mitigation is to validate start, limit and delta before they reach the Range operation and reject inputs for which (limit - start) / delta would not fit into int64_t; this protects a single call site and does not fix the library itself.
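To make the description and the recommended input validation concrete, the following C++ is an added example, not TensorFlow's own code. It models the element-count computation that a Range shape function performs (ceiling division for integer operands, ceil(|(limit - start) / delta|) for floating-point operands) together with the bound check the fix introduces: a count that does not fit into int64_t is rejected instead of being cast. The function names SafeRangeSize and RangeSizeRejected are hypothetical and the error messages are illustrative.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <stdexcept>

// Added example, not TensorFlow's code: a model of the Range element-count
// computation with the int64_t bound check the fix adds.

// Shared operand validation: delta must be non-zero and point from start
// towards limit.
template <typename T>
static void CheckRangeOperands(T start, T limit, T delta) {
  if (delta == T(0)) {
    throw std::invalid_argument("Requires delta != 0");
  }
  if (start > limit && delta > T(0)) {
    throw std::invalid_argument("Requires start <= limit when delta > 0");
  }
  if (start < limit && delta < T(0)) {
    throw std::invalid_argument("Requires start >= limit when delta < 0");
  }
}

// Integer operands. Arithmetic is done in uint64_t so that |limit - start|
// cannot itself overflow (INT64_MIN .. INT64_MAX differ by 2^64 - 1, which
// fits), and the ceiling division avoids the "+ step - 1" form that could
// wrap around for large spans.
int64_t SafeRangeSize(int64_t start, int64_t limit, int64_t delta) {
  CheckRangeOperands(start, limit, delta);
  const uint64_t span = start < limit
      ? static_cast<uint64_t>(limit) - static_cast<uint64_t>(start)
      : static_cast<uint64_t>(start) - static_cast<uint64_t>(limit);
  // |delta| computed modulo 2^64, which is also correct for INT64_MIN.
  const uint64_t step = delta < 0
      ? uint64_t(0) - static_cast<uint64_t>(delta)
      : static_cast<uint64_t>(delta);
  const uint64_t count = span / step + (span % step != 0 ? 1 : 0);
  if (count > static_cast<uint64_t>(std::numeric_limits<int64_t>::max())) {
    throw std::invalid_argument("Range size does not fit into int64_t");
  }
  return static_cast<int64_t>(count);
}

// Floating-point operands. The count is ceil(|(limit - start) / delta|) in
// double, which can hold values far beyond int64_t; casting such a value to
// int64_t is undefined behaviour, which is the failure the check prevents.
// INT64_MAX converted to double rounds up to 2^63, so the comparison must be
// ">=", otherwise a count of exactly 2^63 would slip through.
int64_t SafeRangeSize(double start, double limit, double delta) {
  CheckRangeOperands(start, limit, delta);
  const double count = std::ceil(std::fabs((limit - start) / delta));
  if (!std::isfinite(count) ||
      count >= static_cast<double>(std::numeric_limits<int64_t>::max())) {
    throw std::invalid_argument("Range size does not fit into int64_t");
  }
  return static_cast<int64_t>(count);
}

// True when SafeRangeSize rejects the operands (the validation a caller can
// apply at the application boundary before building a Range op).
template <typename T>
bool RangeSizeRejected(T start, T limit, T delta) {
  try {
    SafeRangeSize(start, limit, delta);
    return false;
  } catch (const std::invalid_argument&) {
    return true;
  }
}

int main() {
  std::printf("range(0, 10, 3) has %lld elements\n",
              static_cast<long long>(SafeRangeSize(int64_t(0), int64_t(10), int64_t(3))));
  std::printf("range(0.0, 1e30, 1.0) rejected: %s\n",
              RangeSizeRejected(0.0, 1e30, 1.0) ? "yes" : "no");
  return 0;
}
```

The integer path shows why the check matters even without floating point: a full INT64_MIN .. INT64_MAX range with delta 1 has 2^64 - 1 elements, which no int64_t can hold, while 0 .. INT64_MAX with delta 1 is exactly representable and is accepted.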

Weakness Enumeration

Integer Overflow

Related Identifiers

BIT-TENSORFLOW-2022-36015
CVE-2022-36015
GHSA-RH87-Q4VG-M45J
OPENSUSE-SU-2024:12355-1

Affected Products

Tensorflow