NULL Pointer Dereference

CVE-2022-35965

Severity High
Score 7.5/10

Summary

TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty `sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. This issue affects TensorFlow versions prior to 2.7.4, 2.8.x prior to 2.8.3, and 2.9.x prior to 2.9.2. There are no known workarounds for this issue.
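Since there is no workaround, triage comes down to finding pinned versions inside the affected ranges. The following check is an added example, not code from the advisory or from TensorFlow; the package-name set, the helper names and the sample pin list are assumptions constructed for illustration.

```python
import re

# Fixed releases stated in the advisory, keyed by (major, minor) release line.
FIXED = {(2, 7): (2, 7, 4), (2, 8): (2, 8, 3), (2, 9): (2, 9, 2)}
# Assumption: the CPU/GPU distributions ship the same affected kernels.
PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}

def parse_version(text):
    """Return (major, minor, patch, is_prerelease) for strings like '2.9.0rc1'."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    pre = bool(re.match(r"[-.]?(a|b|rc|dev)", m.group(4)))
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0), pre

def is_affected(version):
    """True if the version falls in the ranges the advisory lists."""
    major, minor, patch, pre = parse_version(version)
    line = (major, minor)
    if line > (2, 9):
        return False  # outside the ranges named in the advisory
    # Release lines older than 2.7 are covered by "prior to 2.7.4".
    fixed = FIXED.get(line, (2, 7, 4))
    # A pre-release of a fixed version sorts before it, so it counts as affected.
    return (major, minor, patch, 0 if pre else 1) < (*fixed, 1)

PIN = re.compile(r"^([A-Za-z0-9_.-]+)(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def scan_pins(requirements_text):
    """Return (package, version) pairs pinned to an affected release."""
    hits = []
    for raw in requirements_text.splitlines():
        m = PIN.match(raw.strip())
        if not m:
            continue  # comments, blank lines, unpinned requirements
        name = m.group(1).lower().replace("_", "-")
        if name in PACKAGES and is_affected(m.group(2)):
            hits.append((name, m.group(2)))
    return hits

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed sample pins
numpy==1.23.1
tensorflow==2.9.1
tensorflow-gpu==2.8.3
tensorflow_cpu==2.6.5
tensorflow==2.10.0
"""

if __name__ == "__main__":
    for name, version in scan_pins(SAMPLE):
        print(f"{name}=={version} is in an affected range for CVE-2022-35965")
```

Unpinned or range-style requirements are skipped by this check, so resolve them to installed versions first (for example from a lock file).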

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Advisory Timeline

  • Published