CVE-2022-23577: Prevent null dereference read in `GetInitOp`. · tensorflow/tensorflow@4f38b1a
TensorFlow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Prevent null dereference read in GetInitOp.
We have a map of maps. We test that the key exists in the first map but then we don’t have any validation that this also means the second map has the needed key. In the scenarios where this is not the case, we’ll dereference a nullptr, if we don’t have this check.
PiperOrigin-RevId: 408739325
Change-Id: If9bb7ed759aba1f3b56a34913f209508dbaf65ce
Showing with 8 additions and 3 deletions.
- +8 −3 tensorflow/cc/saved_model/loader_util.cc
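
The map-of-maps lookup the commit message describes, shown as an added example that is not TensorFlow's code: the unchecked form validates only the outer key, while the checked form validates both levels and reports a malformed input as an error. The types `Output`, `Signature`, `SignatureMap`, the key `kInitKey` and all function names are hypothetical stand-ins, and the inputs are constructed.

```cpp
#include <iostream>
#include <map>
#include <string>

// Hypothetical stand-ins: an outer map whose values each hold an inner map.
struct Output { std::string name; };
struct Signature { std::map<std::string, Output> outputs; };
using SignatureMap = std::map<std::string, Signature>;

const std::string kInitKey = "init_op";  // constructed key, not TensorFlow's

// Unchecked form: only the outer lookup is validated. If the inner map lacks
// the key, find() returns end() and ->second is an invalid dereference.
std::string InitOpNameUnchecked(const SignatureMap& sigs) {
  auto outer = sigs.find(kInitKey);
  if (outer == sigs.end()) return "";
  return outer->second.outputs.find(kInitKey)->second.name;  // UB on a miss
}

enum class Lookup { kOk, kNoInitOp, kMalformed };

// Checked form: validate both levels before touching the inner value.
Lookup InitOpNameChecked(const SignatureMap& sigs, std::string* name) {
  auto outer = sigs.find(kInitKey);
  if (outer == sigs.end()) return Lookup::kNoInitOp;  // absence is legitimate
  const auto& outputs = outer->second.outputs;
  auto inner = outputs.find(kInitKey);
  if (inner == outputs.end()) return Lookup::kMalformed;  // outer key, no inner
  *name = inner->second.name;
  return Lookup::kOk;
}

// Constructed input: the outer key is always present, the inner key is chosen
// by the caller, so passing any other key yields the malformed case.
SignatureMap Make(const std::string& inner_key) {
  SignatureMap sigs;
  sigs[kInitKey].outputs[inner_key] = Output{"init_all"};
  return sigs;
}

int main() {
  std::string name;
  // Only the checked form is called on the malformed input.
  bool rejected =
      InitOpNameChecked(Make("other"), &name) == Lookup::kMalformed;
  std::cout << "malformed input rejected: " << std::boolalpha << rejected
            << "\n";
  return rejected ? 0 : 1;
}
```
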