cnvd - cnvd-2023-10605

CNVD-2023-10605

Vulnerability from cnvd - Published: 2023-02-21

Title

Google TensorFlow Conv2D拒绝服务漏洞

Description

Google TensorFlow是美国谷歌（Google）公司的一套用于机器学习的端到端开源平台。 Google TensorFlow存在拒绝服务漏洞，该漏洞源于如果Conv2D被指定为空输入并且filter和padding大小有效，则输出全为零，这会出现除零浮点异常，攻击者可利用该漏洞触发拒绝服务攻击。

Severity

高

Patch Name

Google TensorFlow Conv2D拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37

Reference

https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9

Impacted products

Name
['Google TensorFlow >=2.8.0，<2.8.1', 'Google TensorFlow >=2.9.0，<2.9.1', 'Google TensorFlow <2.7.2', 'Google TensorFlow 2.10-RC0', 'Google TensorFlow 2.10-RC1', 'Google TensorFlow 2.10-RC2', 'Google TensorFlow 2.10-RC3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-35996",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-35996"
    }
  },
  "description": "Google TensorFlow\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u673a\u5668\u5b66\u4e60\u7684\u7aef\u5230\u7aef\u5f00\u6e90\u5e73\u53f0\u3002\n\nGoogle TensorFlow\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5982\u679cConv2D\u88ab\u6307\u5b9a\u4e3a\u7a7a\u8f93\u5165\u5e76\u4e14filter\u548cpadding\u5927\u5c0f\u6709\u6548\uff0c\u5219\u8f93\u51fa\u5168\u4e3a\u96f6\uff0c\u8fd9\u4f1a\u51fa\u73b0\u9664\u96f6\u6d6e\u70b9\u5f02\u5e38\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-10605",
  "openTime": "2023-02-21",
  "patchDescription": "Google TensorFlow\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u673a\u5668\u5b66\u4e60\u7684\u7aef\u5230\u7aef\u5f00\u6e90\u5e73\u53f0\u3002\r\n\r\nGoogle TensorFlow\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5982\u679cConv2D\u88ab\u6307\u5b9a\u4e3a\u7a7a\u8f93\u5165\u5e76\u4e14filter\u548cpadding\u5927\u5c0f\u6709\u6548\uff0c\u5219\u8f93\u51fa\u5168\u4e3a\u96f6\uff0c\u8fd9\u4f1a\u51fa\u73b0\u9664\u96f6\u6d6e\u70b9\u5f02\u5e38\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google TensorFlow Conv2D\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Google TensorFlow \u003e=2.8.0\uff0c\u003c2.8.1",
      "Google TensorFlow \u003e=2.9.0\uff0c\u003c2.9.1",
      "Google TensorFlow \u003c2.7.2",
      "Google TensorFlow 2.10-RC0",
      "Google TensorFlow 2.10-RC1",
      "Google TensorFlow 2.10-RC2",
      "Google TensorFlow 2.10-RC3"
    ]
  },
  "referenceLink": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9",
  "serverity": "\u9ad8",
  "submitTime": "2022-09-20",
  "title": "Google TensorFlow Conv2D\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2022-35996 (GCVE-0-2022-35996)

Vulnerability from cvelistv5 – Published: 2022-09-16 22:55 – Updated: 2025-04-23 16:59

Summary

TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-369 - Divide By Zero

Assigner

GitHub_M

References

URL

Tags

	https://github.com/tensorflow/tensorflow/security…	x_refsource_CONFIRM
	https://github.com/tensorflow/tensorflow/commit/6…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	tensorflow	tensorflow	Affected: < 2.7.2 Affected: >= 2.8.0, < 2.8.1 Affected: >= 2.9.0, < 2.9.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:51:59.680Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-35996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:57:45.697455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:59:06.532Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tensorflow",
          "vendor": "tensorflow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.7.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.8.0, \u003c 2.8.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.9.0, \u003c 2.9.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369: Divide By Zero",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-16T22:55:09.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9"
        }
      ],
      "source": {
        "advisory": "GHSA-q5jv-m6qw-5g37",
        "discovery": "UNKNOWN"
      },
      "title": "Floating point exception in `Conv2D` in TensorFlow",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-35996",
          "STATE": "PUBLIC",
          "TITLE": "Floating point exception in `Conv2D` in TensorFlow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tensorflow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 2.7.2"
                          },
                          {
                            "version_value": "\u003e= 2.8.0, \u003c 2.8.1"
                          },
                          {
                            "version_value": "\u003e= 2.9.0, \u003c 2.9.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "tensorflow"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-369: Divide By Zero"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-q5jv-m6qw-5g37",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-35996",
    "datePublished": "2022-09-16T22:55:10.000Z",
    "dateReserved": "2022-07-15T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:59:06.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-10605

CVE-2022-35996 (GCVE-0-2022-35996)

Tags

Sightings

Nomenclature