CVE-2022-23570

Null-dereference in TensorFlow

CVSS 6.5 MEDIUM · EPSS 0.9% · CWE-476

In short

TensorFlow can crash or malfunction when processing specially crafted data files if certain required information is missing. An attacker could send malformed input to cause the application using TensorFlow to stop working or behave unexpectedly.

Technical detail

A null-dereference vulnerability exists in TensorFlow's protobuf tensor decoding when mutable operation arguments lack required attributes. The dereference is guarded only by a `DCHECK`, which is disabled in production builds, so release builds dereference the null pointer while debug builds fail the assertion. Remote attackers can trigger a denial of service by providing malformed protobuf inputs.

Summary generated and translated by AI from the official description.
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
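The debug-only guard described above, shown next to a check that holds in every build. This is an added illustration, not TensorFlow's code or its fix; `AttrValue`, `AttrMap`, `DEBUG_ONLY_CHECK`, `FindAttr`, `TypeOfUnchecked` and `TypeOfChecked` are hypothetical names, and the sample data is constructed.

```cpp
#include <cstdlib>
#include <iostream>
#include <map>
#include <string>

// Constructed stand-ins for illustration; these are not TensorFlow types.
struct AttrValue { int type_code; };
using AttrMap = std::map<std::string, AttrValue>;

// Debug-only check in the style of DCHECK: aborts in debug builds,
// compiles to nothing when NDEBUG is defined (typical release builds).
#ifdef NDEBUG
#define DEBUG_ONLY_CHECK(cond) ((void)0)
#else
#define DEBUG_ONLY_CHECK(cond) do { if (!(cond)) std::abort(); } while (0)
#endif

// Returns nullptr when the attribute is absent from the decoded message.
const AttrValue* FindAttr(const AttrMap& attrs, const std::string& name) {
  auto it = attrs.find(name);
  return it == attrs.end() ? nullptr : &it->second;
}

// Weak pattern: the only guard disappears in release builds, so a missing
// attribute reaches the dereference; in debug builds the process aborts.
int TypeOfUnchecked(const AttrMap& attrs, const std::string& name) {
  const AttrValue* attr = FindAttr(attrs, name);
  DEBUG_ONLY_CHECK(attr != nullptr);
  return attr->type_code;
}

// Hardened pattern: missing input is a recoverable error in every build.
bool TypeOfChecked(const AttrMap& attrs, const std::string& name,
                   int* out, std::string* error) {
  const AttrValue* attr = FindAttr(attrs, name);
  if (attr == nullptr) {
    *error = "missing required attribute '" + name + "'";
    return false;
  }
  *out = attr->type_code;
  return true;
}

int main() {
  AttrMap attrs = {{"dtype", {1}}};  // constructed sample; "shape" is absent
  int type = 0; std::string error;
  bool ok = TypeOfChecked(attrs, "shape", &type, &error);
  std::cout << (ok ? "ok" : error) << "\n";
}
```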
Affected products
tensorflow · tensorflow
