NULL Pointer Dereference
CVE-2022-41889
Summary
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the `pywrap` code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. This issue affects versions prior to 2.8.4, 2.9.x prior to 2.9.3 and 2.10.x prior to 2.10.1.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
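The affected ranges in the summary can be checked against an installed TensorFlow version. This is an added example, not code from the advisory or from TensorFlow; the function names are hypothetical, and it assumes a pre-release of a fixed version (for example 2.10.1rc0) should be treated as still affected.

```python
import re
from importlib import metadata

# Fixed releases named in the advisory summary: 2.8.4, 2.9.3, 2.10.1.
FIXED_BY_MINOR = {(2, 9): (2, 9, 3), (2, 10): (2, 10, 1)}
OLDEST_FIXED = (2, 8, 4)   # everything before this release is affected

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")
_PRERELEASE_RE = re.compile(r"^[-.]?(a|b|rc|dev)")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for a version string."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    release = tuple(int(part) for part in match.group(1, 2, 3))
    return release, bool(_PRERELEASE_RE.match(match.group(4)))


def is_affected(version):
    """True if the version falls in a range the advisory lists as affected."""
    release, is_prerelease = parse_version(version)
    minor_line = release[:2]
    if minor_line in FIXED_BY_MINOR:
        fixed = FIXED_BY_MINOR[minor_line]
    elif minor_line <= (2, 8):
        fixed = OLDEST_FIXED
    else:
        return False  # later release lines are not listed as affected
    # Assumption: a pre-release of the fixed version does not count as fixed.
    return release < fixed or (release == fixed and is_prerelease)


def installed_status(names=("tensorflow", "tensorflow-cpu", "tensorflow-gpu")):
    """Map each installed TensorFlow distribution to (version, affected)."""
    status = {}
    for name in names:
        try:
            version = metadata.version(name)
        except metadata.PackageNotFoundError:
            continue  # distribution not installed in this environment
        status[name] = (version, is_affected(version))
    return status


if __name__ == "__main__":
    print(installed_status() or "no TensorFlow distribution found")
```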