Safety vulnerability ID: 51942
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow 2.10.1 includes a fix for CVE-2022-41883: When ops that have specified input sizes receive a differing number of inputs, the executor will crash.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w58w-79xv-6vcj
Latest version: 2.17.0
TensorFlow is an open source machine learning framework for everyone.
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. See CVE-2022-41883.
CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w58w-79xv-6vcj: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w58w-79xv-6vcj
MISC:https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/dynamic_stitch_op.cc: https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/dynamic_stitch_op.cc
MISC:https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/data_flow_ops.cc: https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/data_flow_ops.cc
MISC:https://github.com/tensorflow/tensorflow/commit/f5381e0e10b5a61344109c1b7c174c68110f7629: https://github.com/tensorflow/tensorflow/commit/f5381e0e10b5a61344109c1b7c174c68110f7629
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application