fkie_cve-2022-29203
Vulnerability from fkie_nvd
Published
2022-05-20 23:15
Modified
2024-11-21 06:58
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tensorflow | * | ||
| tensorflow | * | ||
| tensorflow | 2.7.0 | ||
| tensorflow | 2.7.0 | ||
| tensorflow | 2.8.0 | ||
| tensorflow | 2.8.0 | ||
| tensorflow | 2.8.0 | ||
| tensorflow | 2.9.0 | ||
| tensorflow | 2.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9359D32-D090-44CF-AC43-2046084A28BB",
"versionEndExcluding": "2.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4DFBF2D-5283-42F6-8800-D653BFA5CE82",
"versionEndExcluding": "2.7.2",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "A58EDA5C-66D6-46F1-962E-60AFB7C784A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89522760-C2DF-400D-9624-626D8F160CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E9EA1898-ACAA-4699-8BAE-54D62C1819FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "130DE3C9-6842-456F-A259-BF8FF8457217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BBF2FCEF-989C-409D-9F4C-81418C65B972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "9CFB1CFC-579D-4647-A472-6DE8BE1951DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3F3F37E-D27F-4060-830C-0AFF16150777",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue."
},
{
"lang": "es",
"value": "TensorFlow es una plataforma de c\u00f3digo abierto para el aprendizaje autom\u00e1tico. En versiones anteriores a 2.9.0, 2.8.1, 2.7.2 y 2.6.4, la implementaci\u00f3n de \"tf.raw_ops.SpaceToBatchND\" (en todos los backends como XLA y kernels manuscritos) es vulnerable a un desbordamiento de enteros: El resultado de este desbordamiento de enteros es usado para asignar el tensor de salida, por lo que es obtenido una denegaci\u00f3n de servicio por medio de un fallo de \"CHECK\" (fallo de aserci\u00f3n), como en TFSA-2021-198. Las versiones 2.9.0, 2.8.1, 2.7.2 y 2.6.4 contienen un parche para este problema"
}
],
"id": "CVE-2022-29203",
"lastModified": "2024-11-21T06:58:42.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-20T23:15:44.543",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…