CVE-2022-41890 – tensorflow-cpu

Package

Manager: pip
Name: tensorflow-cpu
Vulnerable Version: >=0 <2.8.4 || >=2.9.0 <2.9.3 || >=2.10.0 <2.10.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00103 pctl0.28956

Details

`CHECK` fail in `BCast` overflow ### Impact If [`BCast::ToShape`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h) is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in [`tf.experimental.numpy.outer`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h) by passing in large input to the input `b`. ```python import tensorflow as tf value = tf.constant(shape=[2, 1024, 1024, 1024], value=False) tf.experimental.numpy.outer(a=6,b=value) ``` ### Patches We have patched the issue in GitHub commit [8310bf8dd188ff780e7fc53245058215a05bdbe5](https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5). The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported by Pattarakrit Rattankul.

Metadata

Created: 2022-11-21T20:42:10Z
Modified: 2022-11-21T20:42:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-h246-cgh4-7475/GHSA-h246-cgh4-7475.json
CWE IDs: ["CWE-704"]
Alternative ID: GHSA-h246-cgh4-7475
Finding: F113
Auto approve: 1