CVE-2022-29211

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29211

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29211.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-29211

Aliases

Related

GHSA-xrp2-fhq4-4q3w

Published

2022-05-21T00:15:11Z

Modified

2025-09-19T22:55:22.798523Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.histogram_fixed_width is vulnerable to a crash when the values array contain Not a Number (NaN) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If values contains NaN then the result of the division is still NaN and the cast to int32 would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0516d4d8bced506cae97dc3cb45dbd2fe4311f26

Fixed

33ed2b11cb8e879d86c371700e6573db1814a69e

Fixed

8a20d54a3c1bfa38c03ea99a2ad3c1b0a45dfa95

Fixed

dd7b8a3c1714d0052ce4b4a2fd8dcef927439a24

Fixed

e57fd691c7b0fd00ea3bfe43444f30c1969748b5

Affected versions

0.*

0.12.0-rc0

0.12.0-rc1

0.12.1

0.5.0

0.6.0

v0.*

v0.10.0

v0.10.0rc0

v0.11.0

v0.11.0rc0

v0.11.0rc1

v0.11.0rc2

v0.12.0

v0.7.0

v0.7.1

v0.8.0rc0

v0.9.0

v0.9.0rc0

v1.*

v1.0.0

v1.0.0-alpha

v1.0.0-rc0

v1.0.0-rc1

v1.0.0-rc2

v1.1.0

v1.1.0-rc0

v1.1.0-rc1

v1.1.0-rc2

v1.12.0

v1.12.0-rc0

v1.12.0-rc1

v1.12.0-rc2

v1.12.1

v1.2.0

v1.2.0-rc0

v1.2.0-rc1

v1.2.0-rc2

v1.3.0-rc0

v1.3.0-rc1

v1.5.0

v1.5.0-rc0

v1.5.0-rc1

v1.6.0

v1.6.0-rc0

v1.6.0-rc1

v1.7.0

v1.7.0-rc0

v1.7.0-rc1

v1.8.0

v1.8.0-rc0

v1.8.0-rc1

v1.9.0

v1.9.0-rc0

v1.9.0-rc1

v1.9.0-rc2

v2.*

v2.6.0

v2.6.0-rc0

v2.6.0-rc1

v2.6.0-rc2

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0-rc0

v2.7.0-rc1

v2.7.1

v2.8.0

v2.8.0-rc0

v2.8.0-rc1

v2.9.0-rc0

v2.9.0-rc1

v2.9.0-rc2

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "247783404680361708437325726329464678994",
                    "1005590806467546794009971177375453934",
                    "193675705274112267247089066130345307749",
                    "57213901490026864526435380742068414829",
                    "68084122760472468246441034132885363283",
                    "252852242596897741054770007470179062159",
                    "45157262254270421180038828280834683304",
                    "52535804439167373069539820630268281484",
                    "280934787098348347250678020676998889025",
                    "248765645295846010866718304492184056873",
                    "229281838097421501092479239343947475832",
                    "70000862094958528855243894599012906032"
                ]
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5",
            "id": "CVE-2022-29211-e89f095d",
            "deprecated": false,
            "target": {
                "file": "tensorflow/core/kernels/histogram_op.cc"
            }
        }
    ]
}