Buffer Overflow Affecting tensorflow package, versions [,2.8.4) [2.9.0,2.9.3) [2.10.0,2.10.1) [2.11.0rc0,2.11.0)
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-TENSORFLOW-3136216
- published 20 Nov 2022
- disclosed 20 Nov 2022
- credit Thibaut Goetghebuer-Planchon
Introduced: 20 Nov 2022
CVE-2022-41894 Open this link in a new tabHow to fix?
Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.
Overview
tensorflow is a machine learning framework.
Affected versions of this package are vulnerable to Buffer Overflow. The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of data_ptr += num_channels; it should be data_ptr += output_num_channels; as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer.
Note: This attack only works if the reference kernel resolver is used in the interpreter.