Home > Vulnerability Database > CVE-2022-35934

Mend.io Vulnerability Database

CVE-2022-35934

Good to know:

Date: September 16, 2022

TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Language: Python

Severity Score

7.5

Related Resources (4)

Url: https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555

Url: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-35934

Url: https://www.mend.io/vulnerability-database/CVE-2022-35934

Severity Score

7.5

Weakness Type (CWE)

Reachable Assertion

CWE-617

Top Fix

Upgrade Version

Upgrade to version tensorflow - 2.7.2,2.8.1,2.9.1,2.10.0, tensorflow-cpu - 2.7.2,2.8.1,2.9.1,2.10.0, tensorflow-gpu - 2.7.2,2.8.1,2.9.1,2.10.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-35934

Good to know:

Date: September 16, 2022

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?