CVE-2022-29213: Improper Input Validation
(updated )
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes (due to CHECK-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
References
- github.com/advisories/GHSA-5889-7v45-q28m
- github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73
- github.com/tensorflow/tensorflow/issues/55263
- github.com/tensorflow/tensorflow/pull/55274
- github.com/tensorflow/tensorflow/releases/tag/v2.6.4
- github.com/tensorflow/tensorflow/releases/tag/v2.7.2
- github.com/tensorflow/tensorflow/releases/tag/v2.8.1
- github.com/tensorflow/tensorflow/releases/tag/v2.9.0
- github.com/tensorflow/tensorflow/security/advisories/GHSA-5889-7v45-q28m
- nvd.nist.gov/vuln/detail/CVE-2022-29213
Detect and mitigate CVE-2022-29213 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →