CVE-2022-29213
21.05.2022, 00:15
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.Enginsight
| Vendor | Product | Version |
|---|---|---|
| tensorflow | 𝑥 < 2.6.4 | |
| tensorflow | 2.7.0 ≤ 𝑥 < 2.7.2 | |
| tensorflow | 2.7.0:rc0 | |
| tensorflow | 2.7.0:rc1 | |
| tensorflow | 2.8.0 | |
| tensorflow | 2.8.0:rc0 | |
| tensorflow | 2.8.0:rc1 | |
| tensorflow | 2.9.0:rc0 | |
| tensorflow | 2.9.0:rc1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-617 - Reachable AssertionThe product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
References