CVE-2022-23562

Integer overflow in Tensorflow

CVSS 7.6 HIGHEPSS 0.6%CWE-190

Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Produtos afetados

tensorflow · tensorflow

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/tensorflow/tensorflow/commit/f0147751fd5d2ff23251149ebad9af9f03010732 https://github.com/tensorflow/tensorflow/issues/52676 https://github.com/tensorflow/tensorflow/pull/51733 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr