CVE-2022-23580: Abort caused by allocating a vector that is too large in Tensorflow
(updated )
During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user:
const auto num_dims = Value(shape_dim);
std::vector<DimensionHandle> dims;
dims.reserve(num_dims);
References
- github.com/advisories/GHSA-627q-g293-49q7
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-89.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-144.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc
- github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7
- github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7
- nvd.nist.gov/vuln/detail/CVE-2022-23580
Detect and mitigate CVE-2022-23580 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →