CVE-2022-29201

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29201

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29201.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-29201

Aliases

Related

GHSA-pqhm-4wvf-2jg8

Published

2022-05-20T23:15:44Z

Modified

2025-09-19T14:54:58.792951Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0516d4d8bced506cae97dc3cb45dbd2fe4311f26

Fixed

0f0b080ecde4d3dfec158d6f60da34d5e31693c4

Fixed

33ed2b11cb8e879d86c371700e6573db1814a69e

Fixed

8a20d54a3c1bfa38c03ea99a2ad3c1b0a45dfa95

Fixed

dd7b8a3c1714d0052ce4b4a2fd8dcef927439a24

Affected versions

0.*

0.12.0-rc0

0.12.0-rc1

0.12.1

0.5.0

0.6.0

v0.*

v0.10.0

v0.10.0rc0

v0.11.0

v0.11.0rc0

v0.11.0rc1

v0.11.0rc2

v0.12.0

v0.7.0

v0.7.1

v0.8.0rc0

v0.9.0

v0.9.0rc0

v1.*

v1.0.0

v1.0.0-alpha

v1.0.0-rc0

v1.0.0-rc1

v1.0.0-rc2

v1.1.0

v1.1.0-rc0

v1.1.0-rc1

v1.1.0-rc2

v1.12.0

v1.12.0-rc0

v1.12.0-rc1

v1.12.0-rc2

v1.12.1

v1.2.0

v1.2.0-rc0

v1.2.0-rc1

v1.2.0-rc2

v1.3.0-rc0

v1.3.0-rc1

v1.5.0

v1.5.0-rc0

v1.5.0-rc1

v1.6.0

v1.6.0-rc0

v1.6.0-rc1

v1.7.0

v1.7.0-rc0

v1.7.0-rc1

v1.8.0

v1.8.0-rc0

v1.8.0-rc1

v1.9.0

v1.9.0-rc0

v1.9.0-rc1

v1.9.0-rc2

v2.*

v2.6.0

v2.6.0-rc0

v2.6.0-rc1

v2.6.0-rc2

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0-rc0

v2.7.0-rc1

v2.7.1

v2.8.0

v2.8.0-rc0

v2.8.0-rc1

v2.9.0-rc0

v2.9.0-rc1

v2.9.0-rc2

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2022-29201-15e5981f",
            "target": {
                "file": "tensorflow/core/kernels/quantized_conv_ops_test.cc",
                "function": "TEST_F"
            },
            "digest": {
                "function_hash": "169876322947976089489551384135146389691",
                "length": 1705.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2022-29201-3da4a517",
            "target": {
                "file": "tensorflow/core/kernels/quantized_conv_ops.cc"
            },
            "digest": {
                "line_hashes": [
                    "222127464424197151312201508530572355375",
                    "334071559888152590303671518969569069212",
                    "303322664097994696350707705076678115994",
                    "61423412841982600026255808326272231029",
                    "12803966578727707693718103160251753128",
                    "26009922089557397114819885204638861534",
                    "169833022712220206946179210229954992585",
                    "166297090125927854202254850438197518963",
                    "266745669498482532529041100593662099803",
                    "196449550045563088823588211951274545458",
                    "49887445249216365808568830357617651480",
                    "238960558971486481657102953624929000728",
                    "67527139083513412173606849573818927966",
                    "60653666337444819877792196398075282985",
                    "306089263571182940769881042116993574999"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2022-29201-737899b5",
            "target": {
                "file": "tensorflow/core/kernels/quantized_conv_ops_test.cc",
                "function": "TEST_F"
            },
            "digest": {
                "function_hash": "334546105872343221942130398738612174008",
                "length": 1571.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2022-29201-7d9d65e1",
            "target": {
                "file": "tensorflow/core/kernels/quantized_conv_ops_test.cc",
                "function": "TEST_F"
            },
            "digest": {
                "function_hash": "228402949433050483132927117190500744694",
                "length": 2271.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2022-29201-cc59cefc",
            "target": {
                "file": "tensorflow/core/kernels/quantized_conv_ops_test.cc",
                "function": "TEST_F"
            },
            "digest": {
                "function_hash": "160498315446740084938018477911145023617",
                "length": 1515.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2022-29201-e1b76e5e",
            "target": {
                "file": "tensorflow/core/kernels/quantized_conv_ops_test.cc"
            },
            "digest": {
                "line_hashes": [
                    "96102057876460340756226779263734911608",
                    "260894781741332688016660620914003383145",
                    "109305452863524769094266493699593454354",
                    "53873350927231335504726265587243618858",
                    "209481700081496145575083227306967568242",
                    "93410809845323035930536728146720775939",
                    "166965649408864252649373451883594788302",
                    "8787874801499126514889075172784323315",
                    "219140083370382327724085172135354997266",
                    "192872023628867772523033946557817606163",
                    "114981062074063230992394029044143918314",
                    "50533667815199908839388385633968739847",
                    "182968109486089702541765018081610329725",
                    "186054801188182943669412486827739604298",
                    "232550946738321337080989218819706504946",
                    "118655222761935353979913377724080259076",
                    "81596715103290379167193924796000237735",
                    "114981062074063230992394029044143918314",
                    "50533667815199908839388385633968739847",
                    "266443050688095839610705026918827544938",
                    "138539893050891084104936400065900402251",
                    "232550946738321337080989218819706504946",
                    "118655222761935353979913377724080259076",
                    "81596715103290379167193924796000237735",
                    "114981062074063230992394029044143918314",
                    "50533667815199908839388385633968739847",
                    "266443050688095839610705026918827544938",
                    "138539893050891084104936400065900402251",
                    "96102057876460340756226779263734911608",
                    "260894781741332688016660620914003383145",
                    "109305452863524769094266493699593454354",
                    "53873350927231335504726265587243618858",
                    "209481700081496145575083227306967568242",
                    "93410809845323035930536728146720775939",
                    "166965649408864252649373451883594788302"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2022-29201-e459b689",
            "target": {
                "file": "tensorflow/core/kernels/quantized_conv_ops_test.cc",
                "function": "TEST_F"
            },
            "digest": {
                "function_hash": "38527116282901780815697184308357372367",
                "length": 2271.0
            },
            "signature_type": "Function"
        }
    ]
}