{"containers": {"cna": {"affected": [{"product": "tensorflow", "vendor": "tensorflow", "versions": [{"status": "affected", "version": "< 2.6.4"}, {"status": "affected", "version": ">= 2.7.0rc0, < 2.7.2"}, {"status": "affected", "version": ">= 2.8.0rc0, < 2.8.1"}, {"status": "affected", "version": ">= 2.9.0rc0, < 2.9.0"}]}], "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-20T22:50:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf"}], "source": {"advisory": "GHSA-jjm6-4vf7-cjh4", "discovery": "UNKNOWN"}, "title": "Integer overflow in `SpaceToBatchND` in TensorFlow", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29203", "STATE": "PUBLIC", "TITLE": "Integer overflow in `SpaceToBatchND` in TensorFlow"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "tensorflow", "version": {"version_data": [{"version_value": "< 2.6.4"}, {"version_value": ">= 2.7.0rc0, < 2.7.2"}, {"version_value": ">= 2.8.0rc0, < 2.8.1"}, {"version_value": ">= 2.9.0rc0, < 2.9.0"}]}}]}, "vendor_name": "tensorflow"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-190: Integer Overflow or Wraparound"}]}]}, "references": {"reference_data": [{"name": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md"}, {"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"}, {"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"}, {"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"}, {"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"}, {"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4"}, {"name": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf"}]}, "source": {"advisory": "GHSA-jjm6-4vf7-cjh4", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29203", "datePublished": "2022-05-20T22:50:11", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2022-05-20T22:50:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9359D32-D090-44CF-AC43-2046084A28BB", "versionEndExcluding": "2.6.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4DFBF2D-5283-42F6-8800-D653BFA5CE82", "versionEndExcluding": "2.7.2", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "A58EDA5C-66D6-46F1-962E-60AFB7C784A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "89522760-C2DF-400D-9624-626D8F160CBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*", "matchCriteriaId": "E9EA1898-ACAA-4699-8BAE-54D62C1819FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "130DE3C9-6842-456F-A259-BF8FF8457217", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "BBF2FCEF-989C-409D-9F4C-81418C65B972", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "9CFB1CFC-579D-4647-A472-6DE8BE1951DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F3F3F37E-D27F-4060-830C-0AFF16150777", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue."}, {"lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto para el aprendizaje autom\u00e1tico. En versiones anteriores a 2.9.0, 2.8.1, 2.7.2 y 2.6.4, la implementaci\u00f3n de \"tf.raw_ops.SpaceToBatchND\" (en todos los backends como XLA y kernels manuscritos) es vulnerable a un desbordamiento de enteros: El resultado de este desbordamiento de enteros es usado para asignar el tensor de salida, por lo que es obtenido una denegaci\u00f3n de servicio por medio de un fallo de \"CHECK\" (fallo de aserci\u00f3n), como en TFSA-2021-198. Las versiones 2.9.0, 2.8.1, 2.7.2 y 2.6.4 contienen un parche para este problema"}], "id": "CVE-2022-29203", "lastModified": "2022-06-02T19:16:37.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-05-20T23:15:44.543", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}