Skip to main content

NULL Pointer Dereference

CVE-2022-41889

Severity High
Score 7.5/10

Summary

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the `pywrap` code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. This issue affects versions prior to 2.8.4, 2.9.x prior to 2.9.3 and 2.10.x prior to 2.10.1.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Advisory Timeline

  • Published