CVE-2022-41884: TensorFlow, an open source machine learning platform, can raise an error when a numpy array is created with a shape in which one element is zero and the others sum to a large number.

If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherry-pick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. TensorFlow has been updated with a fix for a bug in Python 3.6 that may cause a segmentation fault when creating a numpy array with a shape of 1 with no data. If you are using a version of Python 3 that is not patched, we recommend updating.

Installation Instructions:

Install the latest version of TensorFlow using pip:

$ pip install --upgrade tensorflow

If you are installing from source, please also install the Python 3 headers:

What happened?

A segmentation fault occurs when the interpreter attempts to execute an instruction that is not allowed by its current stack frame. This can be caused by an invalid input or a function trying to execute code outside of its normal path. These segmentation faults are often the first indication that a program has run into an error condition, but they may not be the only one.

TensorFlow and numpy.array: why this happens

We have an issue that is caused when a numpy array with a shape of 1 is created and not initialized. If the shape of the input array is 1, it will initialize the first element to 0, which is not allowed. For this reason, an error will be raised.
We have fixed this issue by patching in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11 and also cherry-picked on versions 2.10.1, 2.9.3, and 2.8.4.
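The fixed releases listed above (2.11, and the cherry-picks to 2.10.1, 2.9.3 and 2.8.4) can be turned into an environment check. The following is an added example, not code from the TensorFlow project; the function names and the status labels are assumptions, and it treats release candidates of a first-fixed release as "unknown" because the text does not say whether they carry the fix.

```python
import re
from importlib import metadata

# First patched patch level per supported minor branch, as stated in the text above.
FIXED_PATCH = {(2, 8): 4, (2, 9): 3, (2, 10): 1}
FIRST_FIXED_MINOR = (2, 11)          # 2.11 and later include the fix
OLDEST_LISTED = min(FIXED_PATCH)     # branches below this have no listed fix

VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")
PRERELEASE_RE = re.compile(r"^[-.]?(a|b|rc|dev)", re.IGNORECASE)


def classify(version: str) -> str:
    """Return 'patched', 'affected', 'unsupported' or 'unknown' (labels are assumptions)."""
    m = VERSION_RE.match(version)
    if not m:
        return "unknown"
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    pre = bool(PRERELEASE_RE.match(m.group(4)))
    if branch < OLDEST_LISTED:
        return "unsupported"         # out of supported range: no fix listed
    if branch >= FIRST_FIXED_MINOR:
        # A pre-release of 2.11.0 itself may predate the fix commit.
        if branch == FIRST_FIXED_MINOR and patch == 0 and pre:
            return "unknown"
        return "patched"
    fixed = FIXED_PATCH[branch]
    if patch < fixed:
        return "affected"
    if patch == fixed and pre:
        return "unknown"             # e.g. 2.10.1rc0: not stated in the text
    return "patched"


def installed_status(packages=("tensorflow",)) -> dict:
    """Classify installed distributions without importing TensorFlow itself."""
    found = {}
    for name in packages:
        try:
            found[name] = classify(metadata.version(name))
        except metadata.PackageNotFoundError:
            continue                 # not installed in this environment
    return found


if __name__ == "__main__":
    for name, status in installed_status().items():
        print(f"{name}: {status}")
```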

Timeline

Published on: 11/18/2022 22:15:00 UTC
Last modified on: 11/22/2022 21:53:00 UTC
