Skip to main content

Incorrect Calculation of Buffer Size

CVE-2022-41907

Severity High
Score 7.5/10

Summary

TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. This issue affects versions prior to 2.8.4, 2.9.x prior to 2.9.3, and 2.10.x prior to 2.10.1.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-131 - Incorrect Calculation of Buffer Size

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Advisory Timeline

  • Published