5.5

CVE-2022-29211

Exploit

Segfault in TensorFlow if `tf.histogram_fixed_width` is called with NaN values

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleTensorflow Version < 2.6.4
GoogleTensorflow Version >= 2.7.0 < 2.7.2
GoogleTensorflow Version2.7.0 Updaterc0
GoogleTensorflow Version2.7.0 Updaterc1
GoogleTensorflow Version2.8.0 Update-
GoogleTensorflow Version2.8.0 Updaterc0
GoogleTensorflow Version2.8.0 Updaterc1
GoogleTensorflow Version2.9.0 Updaterc0
GoogleTensorflow Version2.9.0 Updaterc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.228
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
security-advisories@github.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
Third Party Advisory
Release Notes
https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
Third Party Advisory
Release Notes
https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
Third Party Advisory
Release Notes
https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
Third Party Advisory
Release Notes
https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc
Third Party Advisory
https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74
Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5
Patch
Third Party Advisory
https://github.com/tensorflow/tensorflow/issues/45770
Patch
Third Party Advisory
Exploit
Issue Tracking
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w
Patch
Third Party Advisory
Exploit