CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35934 – `CHECK` failure in tf.reshape in Tensorflow
https://notcve.org/view.php?id=CVE-2022-35934
TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29216 – Code injection in `saved_model_cli` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29216
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574 https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7 https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 2CVE-2022-29213 – Incomplete validation in signal ops leads to crashes in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29213
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es una plataforma de código abierto para el aprendizaje automático. En versiones anteriores a 2.9.0, 2.8.1, 2.7.2 y 2.6.4, "tf.compat.v1.signal.rfft2d" y "tf.compat.v1.signal.rfft3d" carecen de comprobación de entrada y, bajo determinadas condiciones, pueden provocar bloqueos (debido a fallos de "CHECK"). • https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73 https://github.com/tensorflow/tensorflow/issues/55263 https://github.com/tensorflow/tensorflow/pull/55274 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-58 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29210 – Heap buffer overflow due to incorrect hash function in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29210
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/framework/tensor_key.h#L53-L64 https://github.com/tensorflow/tensorflow/commit/1b85a28d395dc91f4d22b5f9e1e9a22e92ccecd6 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hc2f-7r5r-r2hg • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 3CVE-2022-29209 – Type confusion leading to `CHECK`-failure based denial of service in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29209
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1 https://github.com/tensorflow/tensorflow/issues/55530 https://github.com/tensorflow/tensorflow/pull/55730 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github&# • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •