Safety vulnerability ID: 51962
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9
Latest version: 2.18.0
TensorFlow is an open source machine learning framework for everyone.
TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. See CVE-2022-41909.
CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9
MISC:https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc: https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc
MISC:https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d: https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d
MISC:https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971: https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application