Vulnerability CVE-2022-29213


Published: 2022-05-21

Description:
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Type:

CWE-20

(Improper Input Validation)

 References:
https://github.com/tensorflow/tensorflow/issues/55263
https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73
https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5889-7v45-q28m
https://github.com/tensorflow/tensorflow/pull/55274

Copyright 2022, cxsecurity.com

 

Back to Top