CVE-2022-23558: Integer Overflow or Wraparound
TensorFlow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t`. An attacker can control model inputs such that `computed_size` overflows the size of the `int` datatype. The fix will be included in TensorFlow. We will also cherrypick this commit on TensorFlow, TensorFlow, and TensorFlow, as these are also affected and still in supported range.
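As an added illustration of the flaw class the advisory describes (this is not TensorFlow's own code; the `IntArray` layout and every function name here are assumptions for the example), the int-returning size computation is shown beside a checked `size_t` version that refuses element counts which would wrap before `malloc`:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-in for a header-plus-flexible-array int array; an assumption
 * for this example, not the TFLite definition. */
typedef struct {
    int size;
    int data[];
} IntArray;

/* The flaw class the advisory describes: the byte count is returned as int.
 * The product is computed in size_t and then truncated to int (implementation-
 * defined, modular on common compilers), so a large element count taken from an
 * untrusted model wraps to a small or non-positive value instead of failing. */
int weak_size_in_bytes(int size) {
    int computed_size = (int)(sizeof(IntArray) + sizeof(int) * (size_t)size);
    return computed_size;
}

/* Hardened form: reject negative counts, compute in size_t, and bound both the
 * multiplication and the addition by SIZE_MAX. Returns false on any failure so
 * the caller never reaches malloc with a wrapped size. */
bool safe_size_in_bytes(int size, size_t *out) {
    if (size < 0) return false;
    size_t n = (size_t)size;
    if (n > (SIZE_MAX - sizeof(IntArray)) / sizeof(int)) return false;
    *out = sizeof(IntArray) + n * sizeof(int);
    return true;
}

/* Allocation that only proceeds after the checked computation succeeds. */
IntArray *safe_create(int size) {
    size_t bytes;
    if (!safe_size_in_bytes(size, &bytes)) return NULL;
    IntArray *a = malloc(bytes);
    if (a) a->size = size;
    return a;
}

/* True when the int-returning computation would hand malloc fewer bytes than
 * the element count needs: the condition this CVE is about. */
bool weak_underallocates(int size) {
    size_t needed;
    if (!safe_size_in_bytes(size, &needed)) return true;
    int weak = weak_size_in_bytes(size);
    return weak <= 0 || (size_t)weak < needed;
}
```

With a count of 2^30 elements the weak version returns a handful of bytes, while the checked version either sizes the allocation correctly or reports failure.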
References
- github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c
- github.com/tensorflow/tensorflow/commit/a1e1511dde36b3f8aa27a6ec630838e7ea40e091
- github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3
- nvd.nist.gov/vuln/detail/CVE-2022-23558