We found results for “”
CVE-2022-41911
Good to know:
Date: November 17, 2022
TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
Language: Python
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Incorrect Type Conversion or Cast
CWE-704Top Fix
Upgrade Version
Upgrade to version tensorflow - 2.8.4,2.9.3,2.10.1,2.11.0;tensorflow-cpu - 2.8.4,2.9.3,2.10.1,2.11.0;tensorflow-gpu - 2.8.4,2.9.3,2.10.1,2.11.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |