Vulnerabilities > CVE-2022-35934 - Reachable Assertion vulnerability in Google Tensorflow

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

google

CWE-617

NVD

Published: 2022-09-16

Updated: 2022-09-20

Summary

TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Vulnerable Configurations

Part	Description	Count
Application	Google Google Tensorflow 2.7.0 Google Tensorflow 2.7.1 Google Tensorflow 2.8.0 Google Tensorflow 2.10 Google Tensorflow 2.9.0	17

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References