CVE-2022-35996 - OpenCVE

Vendors	Products
Google	Tensorflow

Link	Resource
https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9	Patch Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37	Third Party Advisory

{"containers": {"cna": {"affected": [{"product": "tensorflow", "vendor": "tensorflow", "versions": [{"status": "affected", "version": "< 2.7.2"}, {"status": "affected", "version": ">= 2.8.0, < 2.8.1"}, {"status": "affected", "version": ">= 2.9.0, < 2.9.1"}]}], "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-369", "description": "CWE-369: Divide By Zero", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-16T22:55:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9"}], "source": {"advisory": "GHSA-q5jv-m6qw-5g37", "discovery": "UNKNOWN"}, "title": "Floating point exception in `Conv2D` in TensorFlow", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-35996", "STATE": "PUBLIC", "TITLE": "Floating point exception in `Conv2D` in TensorFlow"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "tensorflow", "version": {"version_data": [{"version_value": "< 2.7.2"}, {"version_value": ">= 2.8.0, < 2.8.1"}, {"version_value": ">= 2.9.0, < 2.9.1"}]}}]}, "vendor_name": "tensorflow"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-369: Divide By Zero"}]}]}, "references": {"reference_data": [{"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37"}, {"name": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9"}]}, "source": {"advisory": "GHSA-q5jv-m6qw-5g37", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-35996", "datePublished": "2022-09-16T22:55:10", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2022-09-16T22:55:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6622D95-1C86-45C5-AB55-E6EEEA0996DF", "versionEndExcluding": "2.7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F9D273D-02DC-441E-AA91-EAC8DEAA4B44", "versionEndExcluding": "2.8.1", "versionStartIncluding": "2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE4F8A81-6CC2-4F7F-9602-C170FDD926E7", "versionEndExcluding": "2.9.1", "versionStartIncluding": "2.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10:rc0:*:*:*:*:*:*", "matchCriteriaId": "1DBFBCE2-0A01-4575-BE45-6775ABFB8B28", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "89806CF9-E423-4CA6-A01A-8175C260CB24", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "F2B80690-A257-4E16-BD27-9AE045BC56ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "F335F9A4-5AB8-4E53-BC18-E01F7C653E5E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."}, {"lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto para el aprendizaje autom\u00e1tico. Si \"Conv2D\" recibe una \"entrada\" vac\u00eda y los tama\u00f1os de \"filtro\" y \"acolchado\" son v\u00e1lidos, la salida es todo ceros. Esto causa excepciones de divisi\u00f3n por cero en coma flotante que pueden ser usadas para desencadenar un ataque de denegaci\u00f3n de servicio. Hemos parcheado el problema en el commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9 de GitHub. La correcci\u00f3n ser\u00e1 incluida en TensorFlow versi\u00f3n 2.10.0. Tambi\u00e9n seleccionaremos este compromiso en TensorFlow versi\u00f3n 2.9.1, TensorFlow versi\u00f3n 2.8.1, y TensorFlow versi\u00f3n 2.7.2, ya que estos tambi\u00e9n est\u00e1n afectados y todav\u00eda est\u00e1n en el rango admitido. No se presentan mitigaciones conocidas para este problema"}], "id": "CVE-2022-35996", "lastModified": "2022-09-20T14:49:57.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-09-16T23:15:10.407", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-369"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

JSON object

JSON object

JSON object