PT-2022-3914 · Apache · Apache MXNet

Dwi Siswanto · Published 2022-07-24 · Updated 2023-11-06 · CVE-2022-24294

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache MXNet versions prior to 1.9.1

Description

A regular expression used in Apache MXNet is vulnerable to a potential denial of service through excessive resource consumption. The issue could be exploited when loading a model in Apache MXNet that has a specially crafted operator name, causing the regular expression evaluation to use excessive resources while attempting a match.

Recommendations

Update Apache MXNet to version 1.9.1 or later to resolve the issue. As a temporary workaround, consider restricting the loading of models with specially crafted operator names to minimize the risk of exploitation.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2022-04732
BIT-MXNET-2022-24294
CVE-2022-24294
GHSA-XXJ3-55P6-XG3H

Affected Products

Apache MXNet