CVE-2022-29200

{"id": "CVE-2022-29200", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-05-20T22:16:40.933", "references": [{"url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/commit/803404044ae7a1efac48ba82d74111fce1ddb09a", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2vv3-56qg-g2cf", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1284"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this API call. This results in `CHECK`-failures when the elements of the tensor are accessed. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue."}, {"lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto para el aprendizaje autom\u00e1tico. En versiones anteriores a 2.9.0, 2.8.1, 2.7.2 y 2.6.4, la implementaci\u00f3n de \"tf.raw_ops.LSTMBlockCell\" no comprueba completamente los argumentos de entrada. Esto resulta en un fallo de \"CHECK\" que puede ser usado para desencadenar un ataque de denegaci\u00f3n de servicio. El c\u00f3digo no comprueba los rangos de ninguno de los argumentos de esta llamada a la API. Esto resulta en fallos de \"CHECK\" cuando son accedidos a los elementos del tensor. Las versiones 2.9.0, 2.8.1, 2.7.2 y 2.6.4 contienen un parche para este problema"}], "lastModified": "2023-07-21T16:41:35.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9359D32-D090-44CF-AC43-2046084A28BB", "versionEndExcluding": "2.6.4"}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4DFBF2D-5283-42F6-8800-D653BFA5CE82", "versionEndExcluding": "2.7.2", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A58EDA5C-66D6-46F1-962E-60AFB7C784A7"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89522760-C2DF-400D-9624-626D8F160CBA"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9EA1898-ACAA-4699-8BAE-54D62C1819FB"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "130DE3C9-6842-456F-A259-BF8FF8457217"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBF2FCEF-989C-409D-9F4C-81418C65B972"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CFB1CFC-579D-4647-A472-6DE8BE1951DE"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3F3F37E-D27F-4060-830C-0AFF16150777"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}