PT-2022-26119 · Google · Tensorflow
Pattarakrit Rattankul · Published 2022-11-18 · Updated 2024-03-06 · CVE-2022-41888
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.11
TensorFlow versions 2.10.1, 2.9.3, and 2.8.4
Description
TensorFlow is an open source platform for machine learning. When running on GPU, the function tf.image.generate_bounding_box_proposals receives a scores input that must be of rank 4 but is not checked.
Recommendations
For TensorFlow versions prior to 2.11, update to version 2.11 or later.
For TensorFlow versions 2.10.1, 2.9.3, and 2.8.4, apply the patch from GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98.
As a temporary workaround, consider validating the rank of the scores input before passing it to tf.image.generate_bounding_box_proposals.
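An added example of that workaround (not part of the advisory and not TensorFlow project code): a pre-call check that rejects any scores value whose rank is not provably 4, including tensors whose static rank is unknown. The helper names are hypothetical, and the wrapper assumes scores is the first positional argument of the op.

```python
REQUIRED_SCORES_RANK = 4  # rank the advisory says `scores` must have


def static_rank(value):
    """Return the rank of `value`, or None when it is not statically known."""
    shape = getattr(value, "shape", None)
    if shape is not None:
        if hasattr(shape, "rank"):
            return shape.rank  # tf.TensorShape: None means unknown rank
        return len(shape)      # NumPy-style tuple shape
    # Plain Python input: count nesting depth along the first element.
    # Ragged nesting is not detected here; tensor conversion rejects it later.
    rank = 0
    while isinstance(value, (list, tuple)):
        rank += 1
        if not value:
            break
        value = value[0]
    return rank


def check_scores_rank(scores):
    """Raise ValueError unless `scores` is provably rank 4 (fails closed)."""
    rank = static_rank(scores)
    if rank is None:
        raise ValueError("scores has unknown rank; reshape to 4-D before the call")
    if rank != REQUIRED_SCORES_RANK:
        raise ValueError(f"scores must have rank {REQUIRED_SCORES_RANK}, got {rank}")
    return scores


def guarded_generate_bounding_box_proposals(scores, *args, **kwargs):
    """Hypothetical wrapper: validate, then forward all arguments unchanged."""
    import tensorflow as tf  # lazy import keeps the check usable without TF
    check_scores_rank(scores)
    return tf.image.generate_bounding_box_proposals(scores, *args, **kwargs)
```

Call the wrapper wherever scores can come from untrusted or user-shaped input, and treat the ValueError as a rejected request rather than retrying on the GPU op.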
Affected Products
Tensorflow