CVE-2022-29208

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29208

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29208.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-29208

Aliases

Published

2022-05-20T23:15:45Z

Modified

2024-10-12T10:14:57.666838Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for loc. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

30721cf564cb029d34535446d6a5a6357bebc8e7

Affected versions

0.*

0.12.0-rc0

0.12.0-rc1

0.12.1

0.5.0

0.6.0

v0.*

v0.10.0

v0.10.0rc0

v0.11.0

v0.11.0rc0

v0.11.0rc1

v0.11.0rc2

v0.12.0

v0.7.0

v0.7.1

v0.8.0rc0

v0.9.0

v0.9.0rc0

v1.*

v1.0.0

v1.0.0-alpha

v1.0.0-rc0

v1.0.0-rc1

v1.0.0-rc2

v1.1.0

v1.1.0-rc0

v1.1.0-rc1

v1.1.0-rc2

v1.12.0

v1.12.0-rc0

v1.12.0-rc1

v1.12.0-rc2

v1.12.1

v1.2.0

v1.2.0-rc0

v1.2.0-rc1

v1.2.0-rc2

v1.3.0-rc0

v1.3.0-rc1

v1.5.0

v1.5.0-rc0

v1.5.0-rc1

v1.6.0

v1.6.0-rc0

v1.6.0-rc1

v1.7.0

v1.7.0-rc0

v1.7.0-rc1

v1.8.0

v1.8.0-rc0

v1.8.0-rc1

v1.9.0

v1.9.0-rc0

v1.9.0-rc1

v1.9.0-rc2