Vulnerability Details : CVE-2022-23566
TensorFlow is an open source machine learning framework. TensorFlow is vulnerable to a heap out-of-bounds (OOB) write in `Grappler`. The `set_output` function writes to an array at the specified index without checking that the index is within bounds; hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. The commit will also be cherry-picked onto TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in the supported range.
Vulnerability category: Memory Corruption
Products affected by CVE-2022-23566
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23566
- EPSS score: 0.58% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~78% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-23566
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | 
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | 
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | GitHub, Inc. | 
CWE ids for CVE-2022-23566
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: security-advisories@github.com (Primary)
References for CVE-2022-23566
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2
  Heap OOB write in Grappler · Advisory · tensorflow/tensorflow · GitHub (Patch; Third Party Advisory)
- https://github.com/tensorflow/tensorflow/commit/97282c6d0d34476b6ba033f961590b783fa184cd
  Prevent a crash due to heap OOB write in grappler. · tensorflow/tensorflow@97282c6 · GitHub (Patch; Third Party Advisory)
- https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.h#L394
  tensorflow/shape_inference.h at a1320ec1eac186da1d03f033109191f715b2b130 · tensorflow/tensorflow · GitHub (Exploit; Third Party Advisory)
- https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/graph_properties.cc#L1132-L1141
  tensorflow/graph_properties.cc at a1320ec1eac186da1d03f033109191f715b2b130 · tensorflow/tensorflow · GitHub (Exploit; Third Party Advisory)