
CVSS: 6.5 | EPSS: 0% | CPEs: 3 | EXPL: 1

TensorFlow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
• https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104
• https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx
• CWE-476: NULL Pointer Dereference

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

TensorFlow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.
• https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567
• https://github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278
• CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

TensorFlow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self-recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes.
• https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7
• CWE-400: Uncontrolled Resource Consumption
• CWE-674: Uncontrolled Recursion

CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 1

TensorFlow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
• https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273
• https://github.com/tensorflow/tensorflow/commit/2b7100d6cdff36aa21010a82269bc05a6d1cc74a
• https://github.com/tensorflow/tensorflow/commit/adbbabdb0d3abb3cdeac69e38a96de1d678b24b3
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r
• CWE-787: Out-of-bounds Write

CVSS: 6.5 | EPSS: 0% | CPEs: 3 | EXPL: 1

TensorFlow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
• https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/depthwise_conv.cc#L96
• https://github.com/tensorflow/tensorflow/commit/e5b0eec199c2d03de54fd6a7fd9275692218e2bc
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj
• CWE-369: Divide By Zero