Lucene search
PRIOn knowledge basePRION:CVE-2022-41891HistoryNov 18, 2022 - 10:15 p.m.
Stack overflow
2022-11-1822:15:00
PRIOn knowledge base
www.prio-n.com
2
tensorflow
machine learning
element_shape
denial of service
patch
github
commit
nvd
TensorFlow is an open source platform for machine learning. If tf.raw_ops.TensorListConcat is given element_shape=[], it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.9.0 | |
| tensorflow | lt | 2.9.3 | |
| tensorflow | lt | 2.8.4 | |
| tensorflow | ge | 2.10.0 | |
| tensorflow | lt | 2.10.1 |
Related
osv
osv
Segfault in `tf.raw_ops.TensorListConcat`
2022-11-21 20:42:18
BIT-tensorflow-2022-41891
2024-03-06 11:11:07
CVE-2022-41891
2022-11-18 22:15:16
cnvd
cnvd
cbl_mariner
cbl_mariner
CVE-2022-41891 affecting package tensorflow for versions less than 2.11.0-1
2022-12-09 20:03:11
veracode
veracode
Denial Of Service (DoS)
2022-11-22 14:13:10
nessus
nessus
CBL Mariner 2.0 Security Update: tensorflow (CVE-2022-41891)
2023-03-20 00:00:00
TensorFlow < 2.9.3 Multiple Vulnerabilities
2024-05-24 00:00:00
TensorFlow < 2.10.1 Multiple Vulnerabilities
2024-05-20 00:00:00
cvelist
cvelist
CVE-2022-41891 Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow
2022-11-18 00:00:00
nvd
nvd
CVE-2022-41891
2022-11-18 22:15:16
github
github
Segfault in `tf.raw_ops.TensorListConcat`
2022-11-21 20:42:18
cve
cve
CVE-2022-41891
2022-11-18 22:15:16
