9.1
CVE-2022-35937
- EPSS 0.2%
- Published 16.09.2022 20:15:10
- Last modified 21.11.2024 07:12:00
- Source security-advisories@github.com
- Teams watchlist Login
- Open Login
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Data is provided by the National Vulnerability Database (NVD)
Google ≫ Tensorflow Version >= 2.7.0 < 2.7.2
Google ≫ Tensorflow Version >= 2.8.0 < 2.8.1
Google ≫ Tensorflow Version >= 2.9.0 < 2.9.1
Google ≫ Tensorflow Version2.10 Updaterc0
Google ≫ Tensorflow Version2.10 Updaterc1
Google ≫ Tensorflow Version2.10 Updaterc2
Google ≫ Tensorflow Version2.10 Updaterc3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.428 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
| security-advisories@github.com | 7 | 2.2 | 4.7 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.