CVE-2022-23590
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-23590
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23590.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-23590
- Aliases
- Downstream
- Related
- Published
- 2022-02-04T22:32:10Z
- Modified
- 2025-10-30T19:32:36Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Crash due to erroneous `StatusOr` in Tensorflow
- Details
-
Tensorflow is an Open Source Machine Learning Framework. A
GraphDeffrom a TensorFlowSavedModelcan be maliciously altered to cause a TensorFlow process to crash due to encountering aStatusOrvalue that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. - Database specific
{ "cwe_ids": [ "CWE-754" ] }- References