Vulnerabilities > CVE-2022-29209 - Type Confusion vulnerability in Google Tensorflow

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

google

CWE-843

NVD

Published: 2022-05-21

Updated: 2022-06-03

Summary

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Vulnerable Configurations

Part	Description	Count
Application	Google Google Tensorflow 2.7.0 Google Tensorflow 2.7.1 Google Tensorflow - Google Tensorflow 0.1.7 Google Tensorflow 0.5.0 Google Tensorflow 0.6.0 Google Tensorflow 0.7.0 Google Tensorflow 0.7.1 Google Tensorflow 0.8.0 Google Tensorflow 0.9.0 Google Tensorflow 0.10.0 Google Tensorflow 0.11.0 Google Tensorflow 0.12.0 Google Tensorflow 0.12.1 Google Tensorflow 1.0.0 Google Tensorflow 1.0.1 Google Tensorflow 1.1.0 Google Tensorflow 1.2.0 Google Tensorflow 1.2.1 Google Tensorflow 1.3.0 Google Tensorflow 1.3.1 Google Tensorflow 1.4.0 Google Tensorflow 1.4.1 Google Tensorflow 1.5.0 Google Tensorflow 1.5.1 Google Tensorflow 1.6.0 Google Tensorflow 1.7.0 Google Tensorflow 1.7.1 Google Tensorflow 1.8.0 Google Tensorflow 1.9.0 Google Tensorflow 1.10.0 Google Tensorflow 1.10.1 Google Tensorflow 1.11.0 Google Tensorflow 1.12.0 Google Tensorflow 1.12.1 Google Tensorflow 1.12.2 Google Tensorflow 1.12.3 Google Tensorflow 1.13.0 Google Tensorflow 1.13.1 Google Tensorflow 1.13.2 Google Tensorflow 1.14.0 Google Tensorflow 1.15.0 Google Tensorflow 1.15.2 Google Tensorflow 1.15.3 Google Tensorflow 1.15.4 Google Tensorflow 1.15.5 Google Tensorflow 2.0.0 Google Tensorflow 2.0.1 Google Tensorflow 2.0.2 Google Tensorflow 2.0.3 Google Tensorflow 2.0.4 Google Tensorflow 2.1.0 Google Tensorflow 2.1.1 Google Tensorflow 2.1.2 Google Tensorflow 2.1.3 Google Tensorflow 2.1.4 Google Tensorflow 2.2.0 Google Tensorflow 2.2.1 Google Tensorflow 2.2.2 Google Tensorflow 2.2.3 Google Tensorflow 2.3.0 Google Tensorflow 2.3.1 Google Tensorflow 2.3.2 Google Tensorflow 2.3.3 Google Tensorflow 2.3.4 Google Tensorflow 2.4.0 Google Tensorflow 2.4.1 Google Tensorflow 2.4.2 Google Tensorflow 2.4.3 Google Tensorflow 2.4.4 Google Tensorflow 2.5.0 Google Tensorflow 2.5.1 Google Tensorflow 2.5.2 Google Tensorflow 2.6.0 Google Tensorflow 2.6.1 Google Tensorflow 2.6.2 Google Tensorflow 2.6.3 Google Tensorflow 2.8.0 Google Tensorflow 2.9.0	413

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References