CVE-2022-35992
- Source
- https://cve.org/CVERecord?id=CVE-2022-35992
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-35992.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-35992
- Aliases
- Downstream
- Related
- Published
- 2022-09-16T22:20:21Z
- Modified
- 2026-05-18T05:53:57.370481606Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- `CHECK` fail in `TensorListFromTensor` in TensorFlow
- Details
-
TensorFlow is an open source platform for machine learning. When
TensorListFromTensorreceives anelement_shapeof a rank greater than one, it gives aCHECKfail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/35xxx/CVE-2022-35992.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-617" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/35xxx/CVE-2022-35992.json
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp
- https://nvd.nist.gov/vuln/detail/CVE-2022-35992
- https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee