PT-2022-26115 · Google · Tensorflow
Pattarakrit Rattanukul · Published 2022-11-18 · Updated 2024-03-06 · CVE-2022-41884
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.11
TensorFlow version 2.10.1
TensorFlow version 2.9.3
TensorFlow version 2.8.4
Description
The issue arises when a numpy array is created with a shape such that one element is zero and the others sum to a large number, resulting in an error. For example, creating an array with the shape (0, 2**31, 2**31) raises an error. The return value of PyArray_SimpleNewFromData is not checked, which can lead to this error.
Recommendations
For TensorFlow versions prior to 2.11, update to version 2.11 or later.
For TensorFlow version 2.10.1, apply the patch from GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784.
For TensorFlow version 2.9.3, apply the patch from GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784.
For TensorFlow version 2.8.4, apply the patch from GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784.
Affected Products
Tensorflow