CVE-2022-23577
Null-dereference in Tensorflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Tensorflow es un Marco de Aprendizaje Automático de Código Abierto. La implementación de "GetInitOp" es vulnerable a un bloqueo causado por una desreferencia de un puntero null. La corrección será incluida en TensorFlow versión 2.8.0. También seleccionaremos este commit en TensorFlow versión 2.7.1, TensorFlow versión 2.6.3, y TensorFlow versión 2.5.3, ya que estos también están afectados y aún están en el rango admitido
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-19 CVE Reserved
- 2022-02-04 CVE Published
- 2024-04-28 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61 | 2024-08-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | <= 2.5.2 Search vendor "Google" for product "Tensorflow" and version " <= 2.5.2" | - |
Affected
| ||||||
Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | >= 2.6.0 <= 2.6.2 Search vendor "Google" for product "Tensorflow" and version " >= 2.6.0 <= 2.6.2" | - |
Affected
| ||||||
Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | 2.7.0 Search vendor "Google" for product "Tensorflow" and version "2.7.0" | - |
Affected
|