AI Threat Alert

CVE-2022-23586

MEDIUM
Published February 4, 2022

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
tensorflow pip No patch
tensorflow pip No patch
tensorflow pip No patch

Severity & Risk

CVSS 3.1
6.5 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Weaknesses (CWE)

CWE-617

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Timeline

Published
February 4, 2022
Last Modified
November 21, 2024
First Seen
February 4, 2022
Back to Threat Feed