5.5
CVE-2022-29206
- EPSS 0.07%
- Veröffentlicht 20.05.2022 23:15:44
- Zuletzt bearbeitet 21.11.2024 06:58:42
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginTensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Google ≫ Tensorflow Version < 2.6.4
Google ≫ Tensorflow Version >= 2.7.0 < 2.7.2
Google ≫ Tensorflow Version2.7.0 Updaterc0
Google ≫ Tensorflow Version2.7.0 Updaterc1
Google ≫ Tensorflow Version2.8.0 Update-
Google ≫ Tensorflow Version2.8.0 Updaterc0
Google ≫ Tensorflow Version2.8.0 Updaterc1
Google ≫ Tensorflow Version2.9.0 Updaterc0
Google ≫ Tensorflow Version2.9.0 Updaterc1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.204 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
| security-advisories@github.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.