BIT-tensorflow-2022-29208
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/tensorflow/BIT-tensorflow-2022-29208.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-tensorflow-2022-29208
- Aliases
- Published
- 2024-03-06T11:14:20.113Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of
tf.raw_ops.EditDistancehas incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values forloc. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. - Database specific
{ "cpes": [ "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*", "cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*" ], "severity": "High" }- References
-
- https://github.com/tensorflow/tensorflow/commit/30721cf564cb029d34535446d6a5a6357bebc8e7
- https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
- https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
- https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
- https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r2f-g8mw-9gvr
Affected packages
Bitnami / tensorflow
Package
- Name
- tensorflow
- Purl
- pkg:bitnami/tensorflow
Severity
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.4Introduced2.7.0Fixed2.7.2
- Type
- SEMVER
- Events
-
Introduced2.7.0-rc0Last affected2.7.0-rc0Introduced2.7.0-rc1Last affected2.7.0-rc1Introduced2.8.0Last affected2.8.0Introduced2.8.0-rc0Last affected2.8.0-rc0Introduced2.8.0-rc1Last affected2.8.0-rc1Introduced2.9.0-rc0Last affected2.9.0-rc0Introduced2.9.0-rc1Last affected2.9.0-rc1