CVE-2022-35995 : What You Need to Know

Learn about CVE-2022-35995 impacting TensorFlow versions < 2.7.2, >= 2.8.0 & < 2.8.1, >= 2.9.0 & < 2.9.1. Mitigation steps and impact assessment included.

A detailed overview of the vulnerability in TensorFlow affecting versions prior to 2.7.2, between 2.8.0 and 2.8.1, and between 2.9.0 and 2.9.1.

Understanding CVE-2022-35995

This CVE describes a vulnerability in TensorFlow related to AudioSummaryV2 that can lead to a denial of service attack.

What is CVE-2022-35995?

TensorFlow, an open-source machine learning platform, is affected by a flaw where a specific input to AudioSummaryV2 can trigger a CHECK fail, creating a potential denial of service risk.

The Impact of CVE-2022-35995

The vulnerability is rated with a CVSS base score of 5.9 (Medium severity) because it is exploitable over the network and has a high availability impact. While it does not impact confidentiality or integrity, immediate action is advised.

Technical Details of CVE-2022-35995

Below are the technical details associated with CVE-2022-35995:

Vulnerability Description

The vulnerability arises in TensorFlow when AudioSummaryV2 processes an input sample_rate with multiple elements, leading to a CHECK fail that poses a risk of triggering a denial of service attack.

Affected Systems and Versions

The issue impacts TensorFlow versions below 2.7.2, versions from 2.8.0 up to but not including 2.8.1, and versions from 2.9.0 up to but not including 2.9.1.
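To triage a dependency list against the affected ranges above, the following added example (not code from TensorFlow or from this page's author) flags exactly pinned TensorFlow versions in pip requirements lines. The function names, the sample requirements, the choice to ignore pre-release suffixes, and the inclusion of the tensorflow-cpu and tensorflow-gpu package names are assumptions of the example.

```python
import re

# Affected ranges as stated on this page: (inclusive lower, exclusive upper).
AFFECTED_RANGES = [
    ((0, 0, 0), (2, 7, 2)),
    ((2, 8, 0), (2, 8, 1)),
    ((2, 9, 0), (2, 9, 1)),
]

# Exact pins only ("=="); covering the -cpu/-gpu package names is an assumption.
_PIN = re.compile(r"^\s*(tensorflow(?:-cpu|-gpu)?)\s*==\s*([0-9][^\s;#]*)", re.I)

def parse_version(text):
    """Return (major, minor, patch); a pre-release suffix such as 'rc1' is ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    """True if the version falls inside one of the affected ranges."""
    v = parse_version(version)
    return any(low <= v < high for low, high in AFFECTED_RANGES)

def audit_requirements(lines):
    """Return (package, version, status) for each pinned TensorFlow entry."""
    findings = []
    for line in lines:
        m = _PIN.match(line)
        if m:
            name, version = m.group(1).lower(), m.group(2)
            status = "AFFECTED" if is_affected(version) else "ok"
            findings.append((name, version, status))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE_REQUIREMENTS = """\
numpy==1.22.4
tensorflow==2.8.0
tensorflow-cpu==2.9.1   # patched release
tensorflow==2.7.1 ; python_version < "3.10"
tensorflow==2.10.0
""".splitlines()

if __name__ == "__main__":
    for name, version, status in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{name}=={version}: {status}")
```

Unpinned or range-based specifiers are not evaluated by this check; resolve them to an installed version first and pass that to is_affected.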

Exploitation Mechanism

An attacker can exploit this vulnerability by providing a malicious input to the AudioSummaryV2 component, resulting in a CHECK fail and potentially causing a denial of service situation.

Mitigation and Prevention

To address CVE-2022-35995, consider the following mitigation strategies:

Immediate Steps to Take

Update TensorFlow to version 2.10.0 or apply the respective patches available to mitigate the vulnerability.

Long-Term Security Practices

Regularly update TensorFlow to the latest versions to ensure security patches are applied promptly.

Patching and Updates

Stay informed about security advisories from TensorFlow and promptly apply any patches released to address known vulnerabilities.
