CVE-2022-35935

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-617
View all →

Vulnerability Description

TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2006-4095

HIGH
CVSS:7.5(High)

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

CWE-6172006

CVE-2006-5779

HIGH
CVSS:7.5(High)

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

CWE-6172006

CVE-2006-6767

HIGH
CVSS:7.5(High)

oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.

CWE-6172006

CVE-2011-3596

HIGH
CVSS:7.5(High)

Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.

CWE-6172011

CVE-2015-8012

HIGH
CVSS:7.5(High)

lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.

CWE-6172015

CVE-2016-8864

HIGH
CVSS:7.5(High)

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record ...

CWE-6172016