FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-tensorflow -- denial of service vulnerability

Affected packages
py310-tensorflow < 2.8.4
2.9.0 <= py310-tensorflow < 2.9.3
2.10.0 <= py310-tensorflow < 2.10.1
py311-tensorflow < 2.8.4
2.9.0 <= py311-tensorflow < 2.9.3
2.10.0 <= py311-tensorflow < 2.10.1
py37-tensorflow < 2.8.4
2.9.0 <= py37-tensorflow < 2.9.3
2.10.0 <= py37-tensorflow < 2.10.1
py38-tensorflow < 2.8.4
2.9.0 <= py38-tensorflow < 2.9.3
2.10.0 <= py38-tensorflow < 2.10.1
py39-tensorflow < 2.8.4
2.9.0 <= py39-tensorflow < 2.9.3
2.10.0 <= py39-tensorflow < 2.10.1

Details

VuXML ID ae132c6c-d716-11ed-956f-7054d21a9e2a
Discovery 2022-11-21
Entry 2023-04-09

Kang Hong Jin, Neophytos Christou, 刘力源 and Pattarakrit Rattankul report:

Another instance of CVE-2022-35935, where `SobolSample` is vulnerable to a denial of service via assumed scalar inputs, was found and fixed.

Pattarakrit Rattankul reports:

Another instance of CVE-2022-35991, where `TensorListScatter` and `TensorListScatterV2` crash via non-scalar inputs in `element_shape`, was found in eager mode and fixed.

References

CVE Name CVE-2022-35935
CVE Name CVE-2022-35991
URL https://osv.dev/vulnerability/GHSA-cqvq-fvhr-v6hc
URL https://osv.dev/vulnerability/GHSA-xf83-q765-xm6m