CVE-2022-21728 — Vulnetix

CVE-2022-21728 PUBLISHED

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

EPSS 1.08% · 78.2th percentile

Risk Scores

EPSS Score

1.08%

78.2th percentile

Affected Products

Vendor	Product	Versions
Bitnami	tensorflow	2.6.0, 2.7.0, 0
Bitnami	tensorflow	0, 2.6.0, 2.7.0

Exploit Intelligence

mwina/CVE-2022-21728-test (github-poc)
mwina/CVE-2022-21728-test (github-poc)
mwina/CVE-2022-21728-test (github-poc)
mwina/CVE-2022-21728-test (github-poc)
mwina/CVE-2022-21728-test (github-poc)
mwina/CVE-2022-21728-test (github-poc)
mwina/CVE-2022-21728-test (github-poc)
mwina/CVE-2022-21728-test (github-poc)
mwina/CVE-2022-21728-test (github-poc)
https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L1636-L1671 (nist-nvd)

…and 3 more exploits

Timeline

Feb 3, 2022 CVE Published
Feb 8, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jul 16, 2022 EPSS Score
Sep 7, 2022 EPSS Score
Oct 29, 2022 EPSS Score
Dec 21, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Apr 5, 2023 EPSS Score
May 27, 2023 EPSS Score
Jul 18, 2023 EPSS Score
Oct 31, 2023 EPSS Score

References

Open in Interactive Console →