PT-2022-26112 · Google · Tensorflow
Yu Tian · Published 2022-11-18 · Updated 2024-03-06 · CVE-2022-41880
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.11
TensorFlow versions 2.10.1, 2.9.3, and 2.8.4
Description
The issue occurs when the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max, resulting in a heap out-of-bounds read. It can be triggered by calling tf.raw_ops.ThreadUnsafeUnigramCandidateSampler with a true_classes value exceeding the range_max parameter.
Recommendations
For TensorFlow versions prior to 2.11, update to version 2.11 or later.
For TensorFlow version 2.10.1, apply the patch from GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4.
For TensorFlow version 2.9.3, apply the patch from GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4.
For TensorFlow version 2.8.4, apply the patch from GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4.
As a temporary workaround, consider restricting the input values for true_classes so that they cannot exceed the range_max value.
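The workaround above amounts to validating true_classes before the op ever sees it. The following is an added example (not TensorFlow's own code and not part of this advisory) of such a guard written in plain Python so it runs without TensorFlow installed: the sampler is passed in as a callable, and fake_sampler is a constructed stand-in for tf.raw_ops.ThreadUnsafeUnigramCandidateSampler that simply echoes its arguments. The check also rejects negative entries and rows whose length differs from num_true; those two checks go beyond what the advisory states and are defensive assumptions.

```python
"""Input guard for candidate-sampler calls.

Added example, not TensorFlow code. The advisory's workaround is to keep
every entry of true_classes below range_max before the call reaches
tf.raw_ops.ThreadUnsafeUnigramCandidateSampler. The checks here are done in
pure Python; the real op is represented by any callable accepting the op's
keyword arguments (assumption: true_classes, num_true, num_sampled, unique,
range_max).
"""
from typing import Callable, List, Optional, Sequence, Tuple


def find_bad_classes(true_classes: Sequence[Sequence[int]],
                     range_max: int) -> List[Tuple[int, int, int]]:
    """Return (row, col, value) for every entry outside [0, range_max).

    The advisory describes values >= range_max. Negative values are rejected
    too (extra defensive check, not from the advisory) because they are just
    as far outside the sampler's index space.
    """
    if range_max <= 0:
        raise ValueError(f"range_max must be positive, got {range_max}")
    bad: List[Tuple[int, int, int]] = []
    for r, row in enumerate(true_classes):
        for c, value in enumerate(row):
            # bool is a subclass of int in Python; refuse it explicitly.
            if not isinstance(value, int) or isinstance(value, bool):
                raise TypeError(f"true_classes[{r}][{c}] is not an int: {value!r}")
            if value < 0 or value >= range_max:
                bad.append((r, c, value))
    return bad


def validation_error(true_classes: Sequence[Sequence[int]],
                     num_true: int, range_max: int) -> Optional[str]:
    """Return None when the inputs are safe to pass on, else a message
    describing the first problem found."""
    bad = find_bad_classes(true_classes, range_max)
    if bad:
        r, c, v = bad[0]
        return (f"true_classes[{r}][{c}]={v} is outside [0, {range_max}); "
                f"{len(bad)} out-of-range entries in total")
    for r, row in enumerate(true_classes):
        # Shape check (assumption): each row must hold exactly num_true labels.
        if len(row) != num_true:
            return f"row {r} has {len(row)} entries, expected num_true={num_true}"
    return None


def guarded_sample(sampler: Callable[..., object],
                   true_classes: Sequence[Sequence[int]],
                   num_true: int, num_sampled: int, unique: bool,
                   range_max: int):
    """Validate the inputs, then forward them to the sampler unchanged.

    Raises ValueError instead of letting an out-of-range label reach the op.
    """
    problem = validation_error(true_classes, num_true, range_max)
    if problem is not None:
        raise ValueError(problem)
    return sampler(true_classes=true_classes, num_true=num_true,
                   num_sampled=num_sampled, unique=unique, range_max=range_max)


def fake_sampler(**kwargs):
    """Constructed stand-in for the TensorFlow op: echoes the arguments it
    received so the wrapper can be exercised offline."""
    return dict(kwargs)


if __name__ == "__main__":
    # Constructed inputs: range_max=10 means valid labels are 0..9.
    ok = [[0, 3], [5, 9]]
    print(guarded_sample(fake_sampler, ok, num_true=2, num_sampled=4,
                         unique=False, range_max=10))
    bad = [[0, 3], [5, 10]]  # 10 == range_max, which is out of range
    try:
        guarded_sample(fake_sampler, bad, num_true=2, num_sampled=4,
                       unique=False, range_max=10)
    except ValueError as exc:
        print("rejected:", exc)
```

In a real deployment the guard wraps the call site rather than the op itself; the validation cost is linear in the size of true_classes, which is negligible next to the sampling work.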
Weakness Enumeration
Out-of-bounds Read
Affected Products
Tensorflow