CVE-2022-23590: Improper Check for Unusual or Exceptional Conditions
(updated )
Tensorflow is an Open Source Machine Learning Framework. A GraphDef
from a TensorFlow SavedModel
can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr
value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow and TensorFlow, as both are affected.
References
- github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc
- github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439
- github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278
- nvd.nist.gov/vuln/detail/CVE-2022-23590
Detect and mitigate CVE-2022-23590 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →