CVE-2022-21730
Out of bounds read in Tensorflow
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.1EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
03 fev 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Produtos afetados
n/a · n/aReferências
https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_avg_pool_op.cc#L209-L360https://github.com/tensorflow/tensorflow/commit/002408c3696b173863228223d535f9de72a101a9https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4