Miggo Logo

CVE-2022-21733: Memory exhaustion in Tensorflow

4.3

CVSS Score
3.1

Basic Information

EPSS Score
0.44736%
Published
2/10/2022
Updated
11/13/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
tensorflowpip< 2.5.32.5.3
tensorflowpip>= 2.6.0, < 2.6.32.6.3
tensorflowpip= 2.7.02.7.1
tensorflow-cpupip< 2.5.32.5.3
tensorflow-cpupip>= 2.6.0, < 2.6.32.6.3
tensorflow-cpupip= 2.7.02.7.1
tensorflow-gpupip< 2.5.32.5.3
tensorflow-gpupip>= 2.6.0, < 2.6.32.6.3
tensorflow-gpupip= 2.7.02.7.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the StringNGramsOp's Compute function in string_ngrams_op.cc. The code path handling preserve_short_sequences=True with empty ngram_widths used pad_width without proper validation. The patch added an explicit check (OP_REQUIRES) for pad_width >=0 in this context. The original code allowed negative pad_width values, which when combined with data_length in ngram_width calculation (data_length + 2*pad_width), could produce invalid values used for memory allocation. The function's direct role in processing these parameters and the explicit fix in the commit confirm this as the vulnerable location.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** [impl*m*nt*tion o* `Strin*N*r*ms`](*ttps://*it*u*.*om/t*nsor*low/t*nsor*low/*lo*/****************************************/t*nsor*low/*or*/k*rn*ls/strin*_n*r*ms_op.**#L**-L***) **n ** us** to tri***r * **ni*l o* s*rvi** *tt**k *y **usi

Reasoning

T** vuln*r**ility st*ms *rom t** Strin*N*r*msOp's *omput* *un*tion in strin*_n*r*ms_op.**. T** *o** p*t* **n*lin* pr*s*rv*_s*ort_s*qu*n**s=Tru* wit* *mpty n*r*m_wi*t*s us** p**_wi*t* wit*out prop*r v*li**tion. T** p*t** ***** *n *xpli*it ****k (OP_R*