CVE-2022-35940 : What You Need to Know

Learn about CVE-2022-35940 impacting TensorFlow due to an integer overflow issue in the `RaggedRangeOp` function. Get insights into the impact, affected versions, and mitigation steps.

TensorFlow, an open-source platform for machine learning, is affected by CVE-2022-35940, an integer overflow in the `RaggedRangeOp` kernel. A very large float passed as the op's `limits` argument overflows when it is converted to an `int64`; the op raises an `InvalidArgument` error but also throws an abort signal, crashing the process.

Understanding CVE-2022-35940

This section will delve into the details of the CVE-2022-35940 vulnerability affecting TensorFlow.

What is CVE-2022-35940?

CVE-2022-35940 is an integer overflow in TensorFlow's `RaggedRangeOp` kernel. The op converts a value derived from its `limits` argument to an `int64` in order to size its output; a very large float does not fit in an `int64`, the conversion overflows instead of being rejected, and the resulting invalid value crashes the program.

The Impact of CVE-2022-35940

The vulnerability carries a CVSSv3.1 base score of 5.9 (medium), vector `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H`: it is reachable over the network and needs no privileges or user interaction, but attack complexity is high because the attacker must control a `limits` value that actually reaches the op. The impact is on availability only (the process aborts); confidentiality and integrity are not affected.

Technical Details of CVE-2022-35940

This section will provide detailed technical insights into the CVE-2022-35940 vulnerability.

Vulnerability Description

The `RaggedRangeOp` kernel computes how many elements each output row holds from its `starts`, `limits` and `deltas` inputs and converts that count to an `int64` to build the output `TensorShape`. When `limits` holds a float too large for an `int64`, the conversion overflows rather than being rejected up front, the shape is invalid, and the process aborts.

Affected Systems and Versions

Affected versions are TensorFlow releases prior to 2.7.2, 2.8.0 (fixed in 2.8.1) and 2.9.0 (fixed in 2.9.1).

Exploitation Mechanism

An attacker who can supply the `limits` input of a `RaggedRange` op (for example through `tf.ragged.range` in a graph or served model that takes its range bounds from untrusted data) passes a very large float. The value overflows when it is converted to an `int64`, and the process aborts. The result is a denial of service, not code execution.

Mitigation and Prevention

This section will outline steps to mitigate and prevent exploitation of the CVE-2022-35940 vulnerability.

Immediate Steps to Take

Update TensorFlow to 2.10.0 or later, which contains the fix. The fix was also cherry-picked into the 2.7.2, 2.8.1 and 2.9.1 patch releases for users who must stay on those release lines.

Long-Term Security Practices

Treat any value that determines a tensor's shape (`starts`, `limits`, `deltas` and similar size arguments) as untrusted: bound it before it reaches the op rather than relying on the kernel to reject it, and refuse non-finite values outright. Keep TensorFlow and other ML libraries on supported, current releases, since crash bugs of this kind are fixed in patch releases.
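The check described in the Exploitation Mechanism and Long-Term Security Practices sections above, as an added example written for this page rather than TensorFlow's own code or the upstream fix: a pure-Python model of the op's row-size arithmetic (an empty row when the range runs the wrong way, otherwise ceil(|limit - start| / delta), as documented for `tf.ragged.range`) with the float-to-`int64` bound tested before the conversion. The names `row_size`, `checked_size`, `ragged_range`, `rejects` and the `max_elements` parameter are chosen here, the sample inputs are constructed for the example, and nothing imports TensorFlow, so it runs offline.

```python
"""Input validation for a RaggedRange-style op (illustrative, not TensorFlow's code).

The op computes each row's element count as ceil(|limit - start| / delta) in the
input's floating-point type and then converts it to int64 to build the output
shape. Vulnerable versions did that conversion unchecked; this example shows the
check that must run on the float before the cast.
"""
import math

INT64_MAX = 2**63 - 1


def row_size(start: float, limit: float, delta: float) -> float:
    """Element count of one row, in floating point (hypothetical helper).

    Returns 0.0 for a range that runs the wrong way. inf (from a huge limit) and
    nan (from inf - inf) are returned unchanged so the caller can reject them.
    """
    if delta == 0:
        raise ValueError("InvalidArgument: delta must be non-zero")
    if (delta > 0 and limit < start) or (delta < 0 and limit > start):
        return 0.0
    raw = abs((limit - start) / delta)
    if not math.isfinite(raw):
        return raw
    return float(math.ceil(raw))


def checked_size(start: float, limit: float, delta: float) -> int:
    """Float -> int64 conversion guarded the way the fix requires.

    In C++ an out-of-range float-to-integer cast is undefined behaviour, so the
    bound has to be tested on the float *before* converting. The test is written
    as `not (size <= INT64_MAX)` so that nan (every comparison is False) is
    rejected along with values that are simply too large.
    """
    size = row_size(start, limit, delta)
    if not (size <= INT64_MAX):
        raise ValueError(
            f"InvalidArgument: row size {size!r} does not fit in int64 "
            f"(start={start!r}, limit={limit!r}, delta={delta!r})")
    return int(size)


def rejects(start: float, limit: float, delta: float) -> bool:
    """True if the hardened check refuses the row (used by the demo below)."""
    try:
        checked_size(start, limit, delta)
    except ValueError:
        return True
    return False


def ragged_range(starts, limits, deltas, max_elements: int = INT64_MAX):
    """Build (values, row_splits) for a ragged range after validating every row.

    `max_elements` is an application-level ceiling on the total output size. The
    int64 bound is what the CVE is about, but a serving process should set this
    far lower: an "honest" request for 1e18 elements still exhausts memory.
    """
    if not (len(starts) == len(limits) == len(deltas)):
        raise ValueError("InvalidArgument: starts, limits and deltas must have equal length")
    # Validate all rows before allocating anything: the op needs the total count
    # up front, and that is exactly where the unchecked conversion went wrong.
    sizes = [checked_size(s, l, d) for s, l, d in zip(starts, limits, deltas)]
    total = sum(sizes)
    if total > max_elements:
        raise ValueError(f"InvalidArgument: {total} elements exceeds limit {max_elements}")
    values, row_splits = [], [0]
    for start, delta, n in zip(starts, deltas, sizes):
        values.extend(start + i * delta for i in range(n))
        row_splits.append(row_splits[-1] + n)
    return values, row_splits


if __name__ == "__main__":
    # Constructed inputs: the documented tf.ragged.range example, [[2], [], [8, 9, 10, 11]].
    print(ragged_range([2.0, 5.0, 8.0], [3.0, 5.0, 12.0], [1.0, 1.0, 1.0]))
    # The CVE trigger: a huge float limit. Vulnerable builds cast it unchecked
    # and aborted; here it is refused before any conversion takes place.
    for bad in (1e300, float("inf")):
        print(bad, "rejected:", rejects(0.0, bad, 1.0))
```

The same pre-cast bound applies to any kernel that turns a float into an element count; the `max_elements` ceiling is the application-level control the text recommends, and in a real serving path it should reflect what the model can legitimately produce, not the width of an `int64`.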

Patching and Updates

Ensure that all TensorFlow installations are promptly updated to versions containing the patched code to mitigate the risk of exploitation.
