How severe is CVE-2022-35996?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-35996?

This is classified as CWE-369, which is a common weakness in software security.

CVE-2022-35996 - HIGH Severity | CVSS 7.5

Vulnerability Description

TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2007-3268

HIGH

CVSS:7.5(High)

The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) vi...

CWE-3692007

CVE-2012-0207

HIGH

CVSS:7.5(High)

The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.

CWE-3692012

CVE-2015-3418

HIGH

CVSS:7.5(High)

The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutIm...

CWE-3692015

CVE-2015-6855

HIGH

CVSS:7.5(High)

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain I...

CWE-3692015

CVE-2016-3623

HIGH

CVSS:7.5(High)

The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.

CWE-3692016

CVE-2016-5323

HIGH

CVSS:7.5(High)

The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.

CWE-3692016