Discover the impact and mitigation strategies for CVE-2022-35987 in TensorFlow. Learn about the vulnerability, affected versions, and necessary steps to prevent exploitation.
The vulnerability, a CHECK fail in DenseBincount in TensorFlow, allows for a denial of service attack due to improper input validation.
Understanding CVE-2022-35987
This CVE affects TensorFlow versions prior to 2.7.2, between 2.8.0 and 2.8.1, and between 2.9.0 and 2.9.1, exposing them to a denial of service risk.
What is CVE-2022-35987?
CVE-2022-35987 in TensorFlow exposes a vulnerability in the DenseBincount function, allowing attackers to exploit a CHECK fail, resulting in service interruption.
The Impact of CVE-2022-35987
The vulnerability poses a medium-severity threat with a base CVSS score of 5.9. Its impact on the availability of affected systems is rated high.
Technical Details of CVE-2022-35987
The following technical details further describe the vulnerability in TensorFlow.
Vulnerability Description
The issue arises from improper validation of the input tensor weights in the DenseBincount function, potentially leading to a denial of service.
Affected Systems and Versions
TensorFlow versions below 2.7.2, versions between 2.8.0 and 2.8.1, and versions between 2.9.0 and 2.9.1 are susceptible to this vulnerability.
Exploitation Mechanism
Attackers can trigger a denial of service by exploiting the improper input validation in the DenseBincount function, leveraging a CHECK fail.
Mitigation and Prevention
To secure systems from CVE-2022-35987, immediate actions and long-term security practices are recommended.
Immediate Steps to Take
Update TensorFlow to version 2.10.0, or apply the patched commit (bf4c14353c2328636a18bfad1e151052c81d5f43), which is available in versions 2.9.1, 2.8.1, and 2.7.2.
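To find pinned installs that still need this update, the following added example (not code from TensorFlow or from the advisory) audits a requirements file against the version ranges listed above. It assumes the ranges are half-open, with the fixed releases 2.7.2, 2.8.1 and 2.9.1 excluded, and that the tensorflow, tensorflow-cpu and tensorflow-gpu distributions are all in scope; the sample file is constructed.

```python
import re

# Affected ranges from this page, read as half-open intervals [low, fixed):
# the fixed releases 2.7.2, 2.8.1 and 2.9.1 themselves are excluded.
AFFECTED = [((0, 0, 0), (2, 7, 2)), ((2, 8, 0), (2, 8, 1)), ((2, 9, 0), (2, 9, 1))]

# Assumption: these PyPI distributions ship the same TensorFlow code.
PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}

NAME = re.compile(r"\s*([A-Za-z0-9._-]+)")
PIN = re.compile(r"^\s*[A-Za-z0-9._-]+\s*==\s*(\d+)\.(\d+)\.(\d+)\s*(?:#.*)?$")

def is_affected(version):
    """version is an (major, minor, patch) tuple of ints."""
    return any(low <= version < fixed for low, fixed in AFFECTED)

def audit(requirements_text):
    """Return (line_no, package, status) for each TensorFlow requirement line."""
    findings = []
    for line_no, line in enumerate(requirements_text.splitlines(), 1):
        name = NAME.match(line)
        if not name or name.group(1).lower().replace("_", "-") not in PACKAGES:
            continue  # comments, blank lines and unrelated packages
        pin = PIN.match(line)
        if pin is None:
            # Version range, pre-release or no version: resolve by hand.
            status = "unpinned"
        else:
            version = tuple(int(part) for part in pin.groups())
            status = "affected" if is_affected(version) else "not-affected"
        findings.append((line_no, name.group(1), status))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed sample requirements file
numpy==1.23.0
tensorflow==2.9.0
tensorflow-gpu==2.8.1
tensorflow-cpu==2.6.4  # legacy service
tensorflow>=2.7
tensorflow-estimator==2.9.0
"""

if __name__ == "__main__":
    for line_no, package, status in audit(SAMPLE):
        print(f"line {line_no}: {package}: {status}")
```

Lines reported as unpinned should be checked against the version that is actually installed, since a range such as `>=2.7` can resolve to either an affected or a fixed release.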
Long-Term Security Practices
Regularly update TensorFlow to the latest versions and ensure timely deployment of security patches to prevent exploitation of known vulnerabilities.
Patching and Updates
Stay informed about security advisories and apply patches promptly to mitigate risks associated with vulnerabilities like CVE-2022-35987.