Improper input validation in Tensorflow
CVE-2022-29207
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it wo…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.001 (17.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Tensorflow — versions < 2.6.4, >= 2.7.0rc0, < 2.7.2, >= 2.8.0rc0, < 2.8.1
Weakness classification (CWE)
Public proof-of-concept exploits
References
- github.com/tensorflow/tensorflow/releases/tag/v2.6.4 (x_refsource_MISC)
- github.com/tensorflow/tensorflow/releases/tag/v2.7.2 (x_refsource_MISC)
- github.com/tensorflow/tensorflow/releases/tag/v2.8.1 (x_refsource_MISC)
- github.com/tensorflow/tensorflow/releases/tag/v2.9.0 (x_refsource_MISC)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8 (x_refsource_CONFIRM)
- github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7 (x_refsource_MISC)
- github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-29207?
- CVE-2022-29207 is a medium-severity vulnerability in Tensorflow, classified under Improper Input Validation. CVSS score: 5.5/10. Published 2022-05-20.
- How severe is CVE-2022-29207?
- Medium severity. CVSS v3 base score is 5.5 out of 10.
- Is CVE-2022-29207 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.