PyPI: tensorflow-intel
CVE-2022-35966
Safety vulnerability ID: SFTY-20220916-06628
Safety legacy ID: pyup.io-56573
Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35966: Segfault in 'QuantizedAvgPool'. https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9
Overview
TensorFlow vulnerable to segfault in `QuantizedAvgPool`
How to Fix
Upgrade tensorflow-intel to 2.10.0 or higher.
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20220916-06628/CVE-2022-35966
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35966
- https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9
- https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0
- https://nvd.nist.gov/vuln/detail/CVE-2022-35966
- https://github.com/advisories/GHSA-4w68-4x85-mjj9
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
