5.5
CVE-2022-29209
- EPSS 0.07%
- Published 21.05.2022 00:15:11
- Last modified 21.11.2024 06:58:43
- Source security-advisories@github.com
- Teams watchlist Login
- Open Login
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Data is provided by the National Vulnerability Database (NVD)
Google ≫ Tensorflow Version < 2.6.4
Google ≫ Tensorflow Version >= 2.7.0 < 2.7.2
Google ≫ Tensorflow Version2.7.0 Updaterc0
Google ≫ Tensorflow Version2.7.0 Updaterc1
Google ≫ Tensorflow Version2.8.0 Update-
Google ≫ Tensorflow Version2.8.0 Updaterc0
Google ≫ Tensorflow Version2.8.0 Updaterc1
Google ≫ Tensorflow Version2.9.0 Updaterc0
Google ≫ Tensorflow Version2.9.0 Updaterc1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.232 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
| security-advisories@github.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.