Denial Of Service (DoS)

2022-12-0805:38:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

tensorflow

vulnerability

denial of service

improper input validation

out-of-bounds memory read

crash.

0.001 Low

EPSS

Percentile

48.7%

JSON

tensorflow is vulnerable to denial of service. The vulnerability exists because the MakeGrapplerFunctionItem in functions.cc does not properly validate the input-output arguments, allowing an attacker to cause out-of-bounds memory read or crash the application if the inputs given are greater than or equal to the sizes of the outputs.

CPENameOperatorVersion
tensorflowle2.9.2
tensorflowle2.10.0
tensorflowle2.11.0rc2
tensorflowle2.8.3
tensorflow-cpule2.9.2
tensorflow-cpule2.10.0
tensorflow-cpule2.11.0rc2
tensorflow-cpule2.8.3
tensorflow-gpule2.9.2
tensorflow-gpule2.10.0

Name	Operator	Version
tensorflow	le	2.9.2
tensorflow	le	2.10.0
tensorflow	le	2.11.0rc2
tensorflow	le	2.8.3
tensorflow-cpu	le	2.9.2
tensorflow-cpu	le	2.10.0
tensorflow-cpu	le	2.11.0rc2
tensorflow-cpu	le	2.8.3
tensorflow-gpu	le	2.9.2
tensorflow-gpu	le	2.10.0