CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23565 – `CHECK`-failures in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23565
Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Tensorflow es un Marco de Aprendizaje Automático de Código Abierto. • https://github.com/tensorflow/tensorflow/commit/c2b31ff2d3151acb230edc3f5b1832d2c713a9e0 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx • CWE-617: Reachable Assertion •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23562 – Integer overflow in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23562
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/f0147751fd5d2ff23251149ebad9af9f03010732 https://github.com/tensorflow/tensorflow/issues/52676 https://github.com/tensorflow/tensorflow/pull/51733 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23563 – Insecure temporary file in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23563
Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. • https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23559 – Integer overflow in TFLite
https://notcve.org/view.php?id=CVE-2022-23559
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. • https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189 https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043 https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4 https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23560 – Read and Write outside of bounds in TFLite
https://notcve.org/view.php?id=CVE-2022-23560
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/internal/utils/sparsity_format_converter.cc#L252-L293 https://github.com/tensorflow/tensorflow/commit/6364463d6f5b6254cac3d6aedf999b6a96225038 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •