TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branches of the condition will be cast to `double` and the result would be truncated before the assignment. This result in overflows. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
| Link | Tags |
|---|---|
| https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx | third party advisory |
| https://github.com/tensorflow/tensorflow/issues/46889 | third party advisory issue tracking |
| https://github.com/tensorflow/tensorflow/issues/46912 | third party advisory issue tracking |
| https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94 | third party advisory patch |
| https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899 | third party advisory patch |