MEDIUM🇵🇱 Wersja polska

CVE-2022-29207

CVSS 5.5v3.1pub. 2022-05-20upd. 2024-11-21

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Google Tensorflow

    APP
    Google
    2.7.02.8.02.9.0< 2.6.42.7.0 – 2.7.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-25668CRITICAL9.8ten sam produkt

TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11...

CVE-2021-37678CRITICAL9.3ten sam produkt

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Ker...

CVE-2021-35958CRITICAL9.1ten sam produkt

TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.uti...

CVE-2020-15205CRITICAL9.0ten sam produkt

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops...

CVE-2020-15202CRITICAL9.0ten sam produkt

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the...