CVE-2022-29213 Information

Jun 07, 2022 cve

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0 2.8.1 2.7.2 and 2.6.4 the tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes (due to CHECK-failures). Versions 2.9.0 2.8.1 2.7.2 and 2.6.4 contain a patch for this issue.

Reference

https://github.com/tensorflow/tensorflow/issues/55263 https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5889-7v45-q28m https://github.com/tensorflow/tensorflow/pull/55274

Share on: