CVE-2022-36015: TensorFlow vulnerable to integer overflow in math ops
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.47984%
CWE
Published
9/16/2022
Updated
1/28/2023
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | < 2.7.2 | 2.7.2 |
| tensorflow | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow | pip | >= 2.9.0, < 2.9.1 | 2.9.1 |
| tensorflow-cpu | pip | < 2.7.2 | 2.7.2 |
| tensorflow-cpu | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-cpu | pip | >= 2.9.0, < 2.9.1 | 2.9.1 |
| tensorflow-gpu | pip | < 2.7.2 | 2.7.2 |
| tensorflow-gpu | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-gpu | pip | >= 2.9.0, < 2.9.1 | 2.9.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability manifests in RangeSize's calculation logic for integral types. The pre-patch code computes size using arithmetic operations that might overflow before the subsequent validation check. The critical issues are: 1) Intermediate values in the size calculation could exceed int64_t limits, 2) The overflow check occurs after potentially overflowing operations. The patch replaces this with Eigen::divup with explicit int64_t casting, demonstrating the original code's vulnerability to integer overflow during size computation.