How severe is CVE-2022-23573?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-23573?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2022-23573 - HIGH Severity | CVSS 8.8

Vulnerability Description

Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Related Vulnerabilities

CVE-2008-2934

HIGH

CVSS:8.8(High)

Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an...

CWE-9082008

CVE-2008-3475

HIGH

CVSS:8.8(High)

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remo...

CWE-9082008

CVE-2008-4197

HIGH

CVSS:8.8(High)

Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-ass...

CWE-9082008

CVE-2018-6981

HIGH

CVSS:8.8(High)

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, ...

CWE-9082018

CVE-2019-13135

HIGH

CVSS:8.8(High)

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.

CWE-9082019

CVE-2019-2105

HIGH

CVSS:8.8(High)

In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additiona...

CWE-9082019