CVE-2022-23590
Crash due to erroneous `StatusOr` in Tensorflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.
Tensorflow es un Marco de Aprendizaje Automático de Código Abierto. Un "GraphDef" de un "SavedModel" de TensorFlow puede ser alterado de forma maliciosa para causar que un proceso de TensorFlow sea bloqueado debido a que encuentra un valor "StatusOr" que es un error y extrae a la fuerza el valor del mismo. Hemos parcheado el problema en múltiples commits de GitHub y estos será incluidos en TensorFlow versión 2.8.0 y TensorFlow versión 2.7.1, ya que ambos están afectados
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-19 CVE Reserved
- 2022-02-04 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-09-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-754: Improper Check for Unusual or Exceptional Conditions
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567 | 2024-08-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | < 2.7.1 Search vendor "Google" for product "Tensorflow" and version " < 2.7.1" | - |
Affected
| ||||||