AI Threat Alert
CVE-2022-35964
HIGHTensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
Severity & Risk
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Technical Details
NVD Description
TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References
- github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa Patch 3rd Party
- github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668 Patch 3rd Party
- github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa Patch 3rd Party
- github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668 Patch 3rd Party