Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04MjhjLTVqNXEtdnJqcc4AAu2X
TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef`
Impact
When mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs without an op name, it crashes.
Status GraphDefImporter::ConvertNodeDef(OpBuilder &builder, ConversionState &s,
const NodeDef &node) {
VLOG(4) << "Importing: " << node.name();
OperationState state(ConvertLocation(node), absl::StrCat("tfg.", node.op()));
// The GraphImporter does light shape inference, but here we will defer all of
// that to the shape inference pass.
const OpDef *op_def;
const OpRegistrationData *op_reg_data = nullptr;
if ((op_reg_data = registry_.LookUp(node.op()))) {
op_def = &op_reg_data->op_def;
} else {
auto it = function_op_defs_.find(node.op());
if (it == function_op_defs_.end())
return InvalidArgument("Unable to find OpDef for ", node.op());
op_def = it->second;
}
node.op().empty() cannot be empty.
Patches
We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Permalink: https://github.com/advisories/GHSA-828c-5j5q-vrjqJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04MjhjLTVqNXEtdnJqcc4AAu2X
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: 8 months ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-828c-5j5q-vrjq, CVE-2022-36013
References:
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq
- https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5
- https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0
- https://nvd.nist.gov/vuln/detail/CVE-2022-36013
- https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc
- https://github.com/advisories/GHSA-828c-5j5q-vrjq
Affected Packages
pypi:tensorflow-gpu
Versions: >= 2.9.0, < 2.9.1, >= 2.8.0, < 2.8.1, < 2.7.2Fixed in: 2.9.1, 2.8.1, 2.7.2
pypi:tensorflow-cpu
Versions: >= 2.9.0, < 2.9.1, >= 2.8.0, < 2.8.1, < 2.7.2Fixed in: 2.9.1, 2.8.1, 2.7.2
pypi:tensorflow
Versions: >= 2.9.0, < 2.9.1, >= 2.8.0, < 2.8.1, < 2.7.2Fixed in: 2.9.1, 2.8.1, 2.7.2