CVE-2022-23562 Information
Description
TensorFlow is an open source machine learning framework. The implementation of Range suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/tensorflow/tensorflow/commit/f0147751fd5d2ff23251149ebad9af9f03010732
https://github.com/tensorflow/tensorflow/pull/51733
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr
https://github.com/tensorflow/tensorflow/issues/52676
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.8
Base Severity
HIGH