How severe is CVE-2022-21728?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2022-21728?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2022-21728

HIGH Year: 2022

CVSS v3 Score

8.1

High

CVSS v2 Score

5.5

Medium

Weakness Type

CWE-125

View all →

Vulnerability Description

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

CVE-2015-8763

HIGH

CVSS:8.1(High)

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.

CWE-1252015

CVE-2016-2374

HIGH

CVSS:8.1(High)

An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write le...

CWE-1252016

CVE-2016-7643

HIGH

CVSS:8.1(High)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allow...

CWE-1252016

CVE-2016-9573

HIGH

CVSS:8.1(High)

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, poten...

CWE-1252016

CVE-2017-14245

HIGH

CVSS:8.1(High)

An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-p...

CWE-1252017

CVE-2017-14246

HIGH

CVSS:8.1(High)

An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-p...

CWE-1252017

CVE-2022-21728

Vulnerability Description

Related Vulnerabilities

CVE-2015-8763

CVE-2016-2374

CVE-2016-7643

CVE-2016-9573

CVE-2017-14245

CVE-2017-14246