
CVE-2022-29200: Missing validation causes denial of service via `LSTMBlockCell`

CVSS Score (v3.1): 5.5

Basic Information

EPSS Score: 0.13042%
Published: 5/24/2022
Updated: 7/21/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name     Ecosystem   Vulnerable Versions      First Patched Version
tensorflow       pip         < 2.6.4                  2.6.4
tensorflow       pip         >= 2.7.0, < 2.7.2        2.7.2
tensorflow       pip         >= 2.8.0, < 2.8.1        2.8.1
tensorflow-cpu   pip         < 2.6.4                  2.6.4
tensorflow-cpu   pip         >= 2.7.0, < 2.7.2        2.7.2
tensorflow-cpu   pip         >= 2.8.0, < 2.8.1        2.8.1
tensorflow-gpu   pip         < 2.6.4                  2.6.4
tensorflow-gpu   pip         >= 2.7.0, < 2.7.2        2.7.2
tensorflow-gpu   pip         >= 2.8.0, < 2.8.1        2.8.1

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from missing rank validation in LSTMBlockCellOp's Compute implementation: the kernel consumed its input tensors without first checking that each one had the documented rank. The commit diff shows 15 added OP_REQUIRES statements validating tensor ranks, which were absent in vulnerable versions. The Python PoC passes tensors with incorrect ranks (e.g., wco with shape [28,17] where a rank-1 vector is expected), which crashes the process in unpatched versions; the effect is availability-only, matching the CVSS vector (C:N/I:N/A:H). The function is explicitly named in CVE-2022-29200's impact section, and the patch addresses it directly by adding that validation logic. Because the trigger is an ordinary op call with attacker-chosen shapes (AV:L/PR:L), exposure is limited to code that runs untrusted graphs or lets callers pick tensor shapes; the fix is to upgrade to the first patched release for your branch (2.6.4, 2.7.2 or 2.8.1).
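As an added worked example (not TensorFlow's code and not the advisory's PoC), here is the validation the analysis describes, written in Python as a pre-check that mirrors the kind of rank and cross-tensor dimension checks the patch adds with OP_REQUIRES. The expected shapes follow the public tf.raw_ops.LSTMBlockCell documentation; the sample sizes, the ShapeOnly stand-in tensor and the guard wrapper are my own constructions. The PoC-style input reproduces the page's wco shape [28,17] where a rank-1 [cell_size] vector is required, and the block shows why rank must be checked before any dimension is read.

```python
"""Shape validation for LSTMBlockCell inputs (added example, not TensorFlow's code).

Expected shapes, from the public tf.raw_ops.LSTMBlockCell documentation:
  x: [batch, input]   cs_prev, h_prev: [batch, cell]   w: [input + cell, 4 * cell]
  wci, wcf, wco: [cell]   b: [4 * cell]
"""
from typing import Any, Callable, Dict, Optional, Sequence, Tuple

Shape = Tuple[int, ...]

# Rank each tensor input must have: the check the unpatched kernel skipped.
EXPECTED_RANK = {
    "x": 2, "cs_prev": 2, "h_prev": 2, "w": 2,
    "wci": 1, "wcf": 1, "wco": 1, "b": 1,
}


def validate_lstm_block_cell_inputs(shapes: Dict[str, Sequence[int]]) -> Optional[str]:
    """Return None if the shapes are consistent, else a message naming the first failed check.

    Ranks are verified first because every dim_size() lookup below assumes them;
    reading a dimension that does not exist is what crashes the unpatched kernel.
    """
    for name, rank in EXPECTED_RANK.items():
        if name not in shapes:
            return f"{name} is missing"
        got = tuple(shapes[name])
        if len(got) != rank:
            return f"{name} must be rank {rank}, got rank {len(got)} (shape {list(got)})"

    batch_size, input_size = shapes["x"]
    cell_size = shapes["cs_prev"][1]

    # Cross-tensor consistency, evaluated only once the ranks are known to be right.
    dim_checks = [
        ("cs_prev.dim_size(0)", shapes["cs_prev"][0], batch_size),
        ("h_prev.dim_size(0)", shapes["h_prev"][0], batch_size),
        ("h_prev.dim_size(1)", shapes["h_prev"][1], cell_size),
        ("w.dim_size(0)", shapes["w"][0], input_size + cell_size),
        ("w.dim_size(1)", shapes["w"][1], cell_size * 4),
        ("wci.dim_size(0)", shapes["wci"][0], cell_size),
        ("wcf.dim_size(0)", shapes["wcf"][0], cell_size),
        ("wco.dim_size(0)", shapes["wco"][0], cell_size),
        ("b.dim_size(0)", shapes["b"][0], cell_size * 4),
    ]
    for label, actual, expected in dim_checks:
        if actual != expected:
            return f"{label} must be {expected}, got {actual}"
    return None


def consistent_shapes(batch_size: int, input_size: int, cell_size: int) -> Dict[str, Shape]:
    """Constructed, well-formed input shapes for the given sizes."""
    return {
        "x": (batch_size, input_size),
        "cs_prev": (batch_size, cell_size),
        "h_prev": (batch_size, cell_size),
        "w": (input_size + cell_size, 4 * cell_size),
        "wci": (cell_size,), "wcf": (cell_size,), "wco": (cell_size,),
        "b": (4 * cell_size,),
    }


def poc_shapes() -> Dict[str, Shape]:
    """Shapes in the spirit of the PoC: everything consistent except wco, which is
    rank 2 ([28, 17]) where a rank-1 [cell_size] vector is required.
    The other sizes are my own choice, not the advisory's."""
    shapes = consistent_shapes(9, 8, 7)
    shapes["wco"] = (28, 17)
    return shapes


class ShapeOnly:
    """Stand-in for a tensor that carries only a .shape (constructed for the demo)."""

    def __init__(self, shape: Sequence[int]) -> None:
        self.shape = tuple(shape)


def as_shape_only(shapes: Dict[str, Sequence[int]]) -> Dict[str, ShapeOnly]:
    return {name: ShapeOnly(shape) for name, shape in shapes.items()}


def guarded_lstm_block_cell(kernel: Callable[..., Any], **kwargs: Any) -> Any:
    """Validate tensor shapes, then dispatch to `kernel` (e.g. tf.raw_ops.LSTMBlockCell).

    Non-tensor keyword arguments (forget_bias, cell_clip, use_peephole) pass through.
    A guard like this can sit in front of an unpatched build; upgrading is the real fix.
    """
    shapes = {name: tuple(int(d) for d in kwargs[name].shape)
              for name in EXPECTED_RANK if name in kwargs}
    err = validate_lstm_block_cell_inputs(shapes)
    if err is not None:
        raise ValueError(f"LSTMBlockCell input rejected before the kernel ran: {err}")
    return kernel(**kwargs)


if __name__ == "__main__":
    print("consistent:", validate_lstm_block_cell_inputs(consistent_shapes(9, 8, 7)))
    print("poc-style: ", validate_lstm_block_cell_inputs(poc_shapes()))
```

The ordering matters: a dimension check such as `w.dim_size(1) == 4 * cell_size` is only safe once every tensor has been confirmed to have the rank that makes those dimensions exist, which is the order the patch enforces and the vulnerable kernel did not.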


WAF Protection Rules

WAF Rule

### Impact

The implementation of [`tf.raw_ops.LSTMBlockCell`](https://github.com/tensorflow/tensorflow/blob/****************************************/tensorflow/core/kernels/rnn/lstm_ops.cc) does not fully validate the input arguments. This results in
