admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-291xx/CVE-2022-29195.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

216 lines
7.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-29195",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-05-20T22:16:40.623",
"lastModified": "2022-05-26T23:36:45.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue."
},
{
"lang": "es",
"value": "TensorFlow es una plataforma de c\u00f3digo abierto para el aprendizaje autom\u00e1tico. En versiones anteriores a 2.9.0, 2.8.1, 2.7.2 y 2.6.4, la implementaci\u00f3n de \"tf.raw_ops.StagePeek\" no comprueba completamente los argumentos de entrada. Esto resulta en un fallo de \"CHECK\" que puede ser usado para desencadenar un ataque de denegaci\u00f3n de servicio. El c\u00f3digo asume que \"index\" es un escalar pero no es comprobado antes de acceder a su valor. Las versiones 2.9.0, 2.8.1, 2.7.2 y 2.6.4 contienen un parche para este problema"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.6.4",
"matchCriteriaId": "D9359D32-D090-44CF-AC43-2046084A28BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndExcluding": "2.7.2",
"matchCriteriaId": "C4DFBF2D-5283-42F6-8800-D653BFA5CE82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "A58EDA5C-66D6-46F1-962E-60AFB7C784A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89522760-C2DF-400D-9624-626D8F160CBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E9EA1898-ACAA-4699-8BAE-54D62C1819FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "130DE3C9-6842-456F-A259-BF8FF8457217"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BBF2FCEF-989C-409D-9F4C-81418C65B972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "9CFB1CFC-579D-4647-A472-6DE8BE1951DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3F3F37E-D27F-4060-830C-0AFF16150777"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/stage_op.cc#L26",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tensorflow/tensorflow/commit/cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h48f-q7rw-hvr7",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink