Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
`CHECK` fail in `TensorListFromTensor` in TensorFlow
Vulnerability Description
TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
可达断言
Vulnerability Title
Google TensorFlow 安全漏洞
Vulnerability Description
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 Google TensorFlow 存在安全漏洞,该漏洞源于当 TensorListFromTensor 接收到 element_shape 的等级大于 1 时,它会给出断言失败,这可能会触发拒绝服务攻击。该漏洞将在 2.10.0 版本, 2.9.1 版本, 2.8.1 版本, 2.7.2 版本中得到修复。
CVSS Information
N/A
Vulnerability Type
N/A