cnvd - cnvd-2022-13928

cnvd-2022-13928

Vulnerability from cnvd

Title: Google Tensorflow拒绝服务漏洞（CNVD-2022-13928）

Description:

TensorFlow是一个端到端开源机器学习平台。它拥有一个全面而灵活的生态系统，其中包含各种工具、库和社区资源，可助力研究人员推动先进机器学习技术的发展，并使开发者能够轻松地构建和部署由机器学习提供支持的应用。

TensorFlow存在拒绝服务漏洞，该漏洞源于ThreadPoolHandle分配过多的内存，num_threads参数只被检查为非负数。攻击者可利用该漏洞导致拒绝服务。

Severity: 中

Patch Name: Google Tensorflow拒绝服务漏洞（CNVD-2022-13928）的补丁

Patch Description:

TensorFlow存在拒绝服务漏洞，该漏洞源于ThreadPoolHandle分配过多的内存，num_threads参数只被检查为非负数。攻击者可利用该漏洞导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-21732

Impacted products

Name
['Google TensorFlow >=2.6.0，<=2.6.2', 'Google TensorFlow 2.7.0', 'Google TensorFlow <=2.5.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-21732",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-21732"
    }
  },
  "description": "TensorFlow\u662f\u4e00\u4e2a\u7aef\u5230\u7aef\u5f00\u6e90\u673a\u5668\u5b66\u4e60\u5e73\u53f0\u3002\u5b83\u62e5\u6709\u4e00\u4e2a\u5168\u9762\u800c\u7075\u6d3b\u7684\u751f\u6001\u7cfb\u7edf\uff0c\u5176\u4e2d\u5305\u542b\u5404\u79cd\u5de5\u5177\u3001\u5e93\u548c\u793e\u533a\u8d44\u6e90\uff0c\u53ef\u52a9\u529b\u7814\u7a76\u4eba\u5458\u63a8\u52a8\u5148\u8fdb\u673a\u5668\u5b66\u4e60\u6280\u672f\u7684\u53d1\u5c55\uff0c\u5e76\u4f7f\u5f00\u53d1\u8005\u80fd\u591f\u8f7b\u677e\u5730\u6784\u5efa\u548c\u90e8\u7f72\u7531\u673a\u5668\u5b66\u4e60\u63d0\u4f9b\u652f\u6301\u7684\u5e94\u7528\u3002\n\nTensorFlow\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eThreadPoolHandle\u5206\u914d\u8fc7\u591a\u7684\u5185\u5b58\uff0cnum_threads\u53c2\u6570\u53ea\u88ab\u68c0\u67e5\u4e3a\u975e\u8d1f\u6570\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-13928",
  "openTime": "2022-02-23",
  "patchDescription": "TensorFlow\u662f\u4e00\u4e2a\u7aef\u5230\u7aef\u5f00\u6e90\u673a\u5668\u5b66\u4e60\u5e73\u53f0\u3002\u5b83\u62e5\u6709\u4e00\u4e2a\u5168\u9762\u800c\u7075\u6d3b\u7684\u751f\u6001\u7cfb\u7edf\uff0c\u5176\u4e2d\u5305\u542b\u5404\u79cd\u5de5\u5177\u3001\u5e93\u548c\u793e\u533a\u8d44\u6e90\uff0c\u53ef\u52a9\u529b\u7814\u7a76\u4eba\u5458\u63a8\u52a8\u5148\u8fdb\u673a\u5668\u5b66\u4e60\u6280\u672f\u7684\u53d1\u5c55\uff0c\u5e76\u4f7f\u5f00\u53d1\u8005\u80fd\u591f\u8f7b\u677e\u5730\u6784\u5efa\u548c\u90e8\u7f72\u7531\u673a\u5668\u5b66\u4e60\u63d0\u4f9b\u652f\u6301\u7684\u5e94\u7528\u3002\r\n\r\nTensorFlow\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eThreadPoolHandle\u5206\u914d\u8fc7\u591a\u7684\u5185\u5b58\uff0cnum_threads\u53c2\u6570\u53ea\u88ab\u68c0\u67e5\u4e3a\u975e\u8d1f\u6570\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Tensorflow\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2022-13928\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Google TensorFlow \u003e=2.6.0\uff0c\u003c=2.6.2",
      "Google TensorFlow 2.7.0",
      "Google TensorFlow \u003c=2.5.2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-21732",
  "serverity": "\u4e2d",
  "submitTime": "2022-02-21",
  "title": "Google Tensorflow\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2022-13928\uff09"
}

CVE-2022-21732 (GCVE-0-2022-21732)

Vulnerability from cvelistv5

Published

2022-02-03 11:21

Modified

2025-02-12 15:58

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

Summary

Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper bound on its value. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

References

▼	URL	Tags
	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq	x_refsource_CONFIRM
	https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e	x_refsource_MISC
	https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:53:36.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21732",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-31T17:14:02.977524Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:58:59.537Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper bound on its value. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-03T11:21:48.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135"
        }
      ],
      "source": {
        "advisory": "GHSA-c582-c96p-r5cq",
        "discovery": "UNKNOWN"
      },
      "title": "Memory exhaustion in Tensorflow",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-21732",
          "STATE": "PUBLIC",
          "TITLE": "Memory exhaustion in Tensorflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper bound on its value. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-c582-c96p-r5cq",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-21732",
    "datePublished": "2022-02-03T11:21:48.000Z",
    "dateReserved": "2021-11-16T00:00:00.000Z",
    "dateUpdated": "2025-02-12T15:58:59.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted