CVE-2022-23581

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23581
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23581.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-23581
Aliases
Downstream
Related
Published
2022-02-04T23:15:14Z
Modified
2025-09-19T14:29:34.636605Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed

Affected versions

0.*

0.12.0-rc0
0.12.0-rc1
0.12.1
0.5.0
0.6.0

v0.*

v0.10.0
v0.10.0rc0
v0.11.0
v0.11.0rc0
v0.11.0rc1
v0.11.0rc2
v0.12.0
v0.7.0
v0.7.1
v0.8.0rc0
v0.9.0
v0.9.0rc0

v1.*

v1.0.0
v1.0.0-alpha
v1.0.0-rc0
v1.0.0-rc1
v1.0.0-rc2
v1.1.0
v1.1.0-rc0
v1.1.0-rc1
v1.1.0-rc2
v1.12.0
v1.12.0-rc0
v1.12.0-rc1
v1.12.0-rc2
v1.12.1
v1.2.0
v1.2.0-rc0
v1.2.0-rc1
v1.2.0-rc2
v1.3.0-rc0
v1.3.0-rc1
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.8.0
v1.8.0-rc0
v1.8.0-rc1
v1.9.0
v1.9.0-rc0
v1.9.0-rc1
v1.9.0-rc2

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "60428052562836645689915853649096300717",
                "length": 462.0
            },
            "id": "CVE-2022-23581-02d098cc",
            "source": "https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1",
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "tensorflow/core/grappler/optimizers/constant_folding.cc",
                "function": "ConstantFolding::SimplifyReshape"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "291803604048999374685491920316097878347",
                    "196261668207520199521030971432516832149",
                    "281416142756056356136733616976482111258",
                    "248134703457133476322185986958674028659",
                    "326247888634599214110625730525728626270",
                    "263102574796256304225956351953158059046",
                    "214054289580731530076254622287429164631",
                    "218182942498966293045332325251067578041",
                    "164585691513948107293387167997700529728",
                    "114889641601735056294896397420922644479",
                    "85586788092688797456273028741921741759"
                ]
            },
            "id": "CVE-2022-23581-604483a3",
            "source": "https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6",
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "tensorflow/core/grappler/optimizers/constant_folding.cc"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "122185979832780250525560596617065858686",
                "length": 2207.0
            },
            "id": "CVE-2022-23581-706b8654",
            "source": "https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082",
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "tensorflow/core/grappler/optimizers/constant_folding.cc",
                "function": "ConstantFolding::IsSimplifiableReshape"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "104819301980444256819822525614623136349",
                    "302196983748853736642835375013848309671",
                    "250297511009787528537414945425938653237",
                    "281130610567445929392677110530186795575",
                    "119384494243069654468649270739711815784",
                    "65540045187216442370212838415459153339",
                    "313232593577112759403949508494521561478",
                    "102495868916924740467831956077534610474"
                ]
            },
            "id": "CVE-2022-23581-a7e6f628",
            "source": "https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082",
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "tensorflow/core/grappler/optimizers/constant_folding.cc"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "119950037816867698988284503655705673894",
                    "300183971683387255450238827776747827969",
                    "105225441913083009668310685762975952215",
                    "182164177950311513268161149728070381222",
                    "139751130630133826907223965208853096360"
                ]
            },
            "id": "CVE-2022-23581-b40efb64",
            "source": "https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1",
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "tensorflow/core/grappler/optimizers/constant_folding.h"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "282446183622685287017169331115815119935",
                "length": 2442.0
            },
            "id": "CVE-2022-23581-b8e14cad",
            "source": "https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6",
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "tensorflow/core/grappler/optimizers/constant_folding.cc",
                "function": "ConstantFolding::IsSimplifiableReshape"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "108937133292191499137521582166130750804",
                "length": 1467.0
            },
            "id": "CVE-2022-23581-c9f8dfff",
            "source": "https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1",
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "tensorflow/core/grappler/optimizers/constant_folding.cc",
                "function": "ConstantFolding::IsSimplifiableReshape"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "328763277001584054911904637593907139776",
                    "76536811408585770726539454830382505591",
                    "197435128369308252965593751916162804828",
                    "16653932598899127860287105031304192433",
                    "313501961681827370660494624391376251356",
                    "23259238521968614643015654509531808916",
                    "255475130872262181306065042244274402391",
                    "250297511009787528537414945425938653237",
                    "114281288583312364938687926027246146511",
                    "45178966217972043406678845575629412357",
                    "285956189640364701867856275524197264258",
                    "113080805207385975829452640657849200426",
                    "140208514048166887592231491636814350431",
                    "287901946609895513791859571475227782132",
                    "141484591989170339194235369612183515134",
                    "67535953356141525809399798818831224796",
                    "313232593577112759403949508494521561478",
                    "102495868916924740467831956077534610474",
                    "170367697546621774569605407413287488867",
                    "41380434449725661876902050003369492704",
                    "90459118289917094660943801069425303602",
                    "162305767033480325764159081892150144778",
                    "53369593955201560563131559778674621194",
                    "54131146959050045794105356190814495991",
                    "236295248214015132959568260851621866516",
                    "188878834775138955295670503079715975057",
                    "300987311683459313406244390645975712042",
                    "321204433749996956619660793790839168041",
                    "168450251660633564577541548908931438248",
                    "110827823984098206613132292282923890069",
                    "147984704998882669080322575485212727579",
                    "168544072421176958237055965329765795251",
                    "52932166097607677333550966219672934562",
                    "94850545959053876796722180039165847136",
                    "4811739361072355861839153829774422148",
                    "103869478055474575530491569122697168272",
                    "170546340776109144799373929024777660533",
                    "62425626509914868013783739320573427607"
                ]
            },
            "id": "CVE-2022-23581-d8ac7d96",
            "source": "https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1",
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "tensorflow/core/grappler/optimizers/constant_folding.cc"
            },
            "deprecated": false
        }
    ]
}