PT-2022-26127 · Google · Tensorflow

Yu Tian · Published 2022-11-18 · Updated 2024-03-06 · CVE-2022-41896

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.11
TensorFlow versions 2.10.1, 2.9.3, and 2.8.4

Description

TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input filterbank channel count greater than the allowed max size, TensorFlow will crash.

Recommendations

For TensorFlow versions prior to 2.11, update to version 2.11 or later.
For TensorFlow version 2.10.1, update to a version that includes the patch from GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860.
For TensorFlow version 2.9.3, update to a version that includes the patch from GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860.
For TensorFlow version 2.8.4, update to a version that includes the patch from GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860.
As a temporary workaround, consider restricting the input filterbank channel count to prevent it from exceeding the allowed max size.

Weakness Enumeration

Related Identifiers

AZL-11534
BIT-TENSORFLOW-2022-41896
CVE-2022-41896
GHSA-RMG2-F698-WQ35

Affected Products

Tensorflow