Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

GHSA-8rcj-c8pj-v3m3

GitHub Security Advisory

Reachable Assertion in Tensorflow

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

### Impact
When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes.

### Patches
We have patched the issue in GitHub commit [14fea662350e7c26eb5fe1be2ac31704e5682ee6](https://github.com/tensorflow/tensorflow/commit/14fea662350e7c26eb5fe1be2ac31704e5682ee6).

The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

### For more information
Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

Affected Packages

PyPI tensorflow

Affected versions: 0 (fixed in 2.5.3)

PyPI tensorflow

Affected versions: 2.6.0 (fixed in 2.6.3)

PyPI tensorflow

Affected versions: 2.7.0 (fixed in 2.7.1)

PyPI tensorflow-cpu

Affected versions: 0 (fixed in 2.5.3)

PyPI tensorflow-cpu

Affected versions: 2.6.0 (fixed in 2.6.3)

PyPI tensorflow-cpu

Affected versions: 2.7.0 (fixed in 2.7.1)

PyPI tensorflow-gpu

Affected versions: 0 (fixed in 2.5.3)

PyPI tensorflow-gpu

Affected versions: 2.6.0 (fixed in 2.6.3)

PyPI tensorflow-gpu

Affected versions: 2.7.0 (fixed in 2.7.1)

Related CVEs

CVE-2022-23564

Key Information

GHSA ID

GHSA-8rcj-c8pj-v3m3

Published

February 9, 2022 11:55 PM

Last Modified

November 13, 2024 10:40 PM

CVSS Score

7.5 /10

Primary Ecosystem

PyPI

Primary Package

tensorflow

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.