We have patched the issue in GitHub commit 6b5adc0877de832b2a7c189532dbbbc64622eeb6.
The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Severity
Moderate
CVE ID
CVE-2022-23588
Weaknesses
No CWEs
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.
Impact
A malicious user can cause a denial of service by altering a
SavedModelsuch that Grappler optimizer would attempt to build a tensor using a referencedtype. This would result in a crash due to aCHECK-fail in theTensorconstructor as reference types are not allowed.Patches
We have patched the issue in GitHub commit 6b5adc0877de832b2a7c189532dbbbc64622eeb6.
The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.