TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
| Link | Tags |
|---|---|
| https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 | third party advisory release notes |
| https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 | third party advisory release notes |
| https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 | third party advisory release notes |
| https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0 | third party advisory release notes |
| https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5889-7v45-q28m | exploit third party advisory patch |
| https://github.com/tensorflow/tensorflow/issues/55263 | issue tracking exploit third party advisory |
| https://github.com/tensorflow/tensorflow/pull/55274 | issue tracking third party advisory patch |
| https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73 | third party advisory patch |