CVE-2022-23582: Reachable Assertion
TensorFlow is an open source machine learning framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. The TensorShape constructor throws a CHECK-fail if the shape is partial or has a number of elements that would overflow the size of an int. The PartialTensorShape constructor instead does not cause a CHECK-abort if the shape is partial, which is exactly what this function needs to be able to return -1. The fix will be included in TensorFlow. We will also cherrypick this commit on TensorFlow, TensorFlow, and TensorFlow, as these are also affected and still in supported range.
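As an added illustration that is not TensorFlow's own code, the following C++ sketch models the two behaviours the advisory contrasts: a constructed stand-in for the shape proto in which -1 marks an unknown dimension, an unhardened byte-size routine that reports where a full TensorShape constructor would CHECK-fail on a partial shape, and a hardened routine that follows the PartialTensorShape approach and returns -1 for partial or overflowing shapes instead of aborting the process. All type and function names here are assumptions for the sketch.

```cpp
#include <cassert>
#include <cstdint>
#include <limits>
#include <vector>

// Constructed stand-in for a TensorShapeProto: one entry per dimension,
// -1 marks an unknown dimension (a "partial" shape as in the advisory).
using ShapeProto = std::vector<int64_t>;

// Result of the unhardened path: would_check_fail models the CHECK-abort
// that the real TensorShape constructor triggers on a partial shape.
struct ByteSizeResult { int64_t bytes; bool would_check_fail; };

// Unhardened variant (hypothetical): builds a full shape, so any unknown
// dimension in attacker-controlled SavedModel data kills the process.
ByteSizeResult TensorByteSizeUnhardened(const ShapeProto& dims, int64_t dtype_size) {
    int64_t n = 1;
    for (int64_t d : dims) {
        if (d < 0) return {0, true};  // TensorShape ctor CHECK-fails here
        n *= d;                        // no overflow guard on this path either
    }
    return {n * dtype_size, false};
}

// Element count following the PartialTensorShape idea: unknown dims and
// element counts that do not fit in int64 yield -1 rather than an abort.
int64_t PartialNumElements(const ShapeProto& dims) {
    int64_t n = 1;
    for (int64_t d : dims) {
        if (d < 0) return -1;  // unknown (or invalid) dimension: size unknown
        if (d != 0 && n > std::numeric_limits<int64_t>::max() / d) return -1;
        n *= d;
    }
    return n;
}

// Hardened byte-size routine: -1 means "unknown", never a CHECK failure.
int64_t TensorByteSizeSafe(const ShapeProto& dims, int64_t dtype_size) {
    int64_t n = PartialNumElements(dims);
    if (n < 0) return -1;
    if (dtype_size != 0 && n > std::numeric_limits<int64_t>::max() / dtype_size) return -1;
    return n * dtype_size;
}

int main() {
    assert(TensorByteSizeSafe({2, 3, 4}, 4) == 96);        // fully known: 24 floats
    assert(TensorByteSizeSafe({2, -1, 4}, 4) == -1);       // partial: unknown size
    assert(TensorByteSizeUnhardened({2, -1, 4}, 4).would_check_fail);  // old path aborts
    return 0;
}
```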
References
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc
- github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02
- github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v
- nvd.nist.gov/vuln/detail/CVE-2022-23582