CVE-2022-41885 - OpenCVE

TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Tensorflow

Configuration 1 [-]

OR	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow:2.10.0:rc0::::::
	cpe:2.3:a:google:tensorflow:2.10.0:rc1::::::
	cpe:2.3:a:google:tensorflow:2.10.0:rc2::::::
	cpe:2.3:a:google:tensorflow:2.10.0:rc3::::::

No data.

References

Link	Providers
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc
https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-11-18T00:00:00

Updated: 2024-08-03T12:56:38.169Z

Reserved: 2022-09-30T00:00:00

Link: CVE-2022-41885

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-18T22:15:14.147

Modified: 2022-11-23T17:44:07.997

Link: CVE-2022-41885

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41885", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T12:56:38.169Z", "dateReserved": "2022-09-30T00:00:00", "datePublished": "2022-11-18T00:00:00"}, "containers": {"cna": {"title": "Overflow in `FusedResizeAndPadConv2D` in Tensorflow", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-11-19T00:00:00"}, "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range."}], "affected": [{"vendor": "tensorflow", "product": "tensorflow", "versions": [{"version": ">= 2.9.0, < 2.9.1", "status": "affected"}, {"version": ">= 2.8.0, < 2.8.1", "status": "affected"}, {"version": "< 2.7.4", "status": "affected"}]}], "references": [{"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx"}, {"url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce"}, {"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.8, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-131: Incorrect Calculation of Buffer Size", "cweId": "CWE-131"}]}], "source": {"advisory": "GHSA-762h-vpvw-3rcx", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:38.169Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", "tags": ["x_transferred"]}, {"url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce", "tags": ["x_transferred"]}, {"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EBE1EC2-A67A-4885-B1BB-A2BB5D18459D", "versionEndExcluding": "2.7.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F9D273D-02DC-441E-AA91-EAC8DEAA4B44", "versionEndExcluding": "2.8.1", "versionStartIncluding": "2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE4F8A81-6CC2-4F7F-9602-C170FDD926E7", "versionEndExcluding": "2.9.1", "versionStartIncluding": "2.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "B5F5D78E-DBBA-4CC7-ADB1-454F86700280", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EF6375A0-9871-4072-95F0-4266620F4713", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "534F3684-3E31-4A0A-9821-70EEFA8AB258", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E1D5EAED-B494-4E30-AB79-99BD1876B5FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range."}, {"lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto para aprendizaje autom\u00e1tico. Cuando a `tf.raw_ops.FusedResizeAndPadConv2D` se le da una forma de tensor grande, se desborda. Hemos solucionado el problema en GitHub en el commit d66e1d568275e6a2947de97dca7a102a211e01ce. La soluci\u00f3n se incluir\u00e1 en TensorFlow 2.11. Tambi\u00e9n aplicaremos este commit en TensorFlow 2.10.1, 2.9.3 y TensorFlow 2.8.4, ya que estos tambi\u00e9n se ven afectados y a\u00fan se encuentran en el rango admitido."}], "id": "CVE-2022-41885", "lastModified": "2022-11-23T17:44:07.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-11-18T22:15:14.147", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-131"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-131"}], "source": "security-advisories@github.com", "type": "Secondary"}]}