FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-tensorflow -- unchecked argument causing crash

Affected packages
		py310-tensorflow	<	2.7.2
2.8.0	<=	py310-tensorflow	<	2.8.1
2.9.0	<=	py310-tensorflow	<	2.9.2
		py311-tensorflow	<	2.7.2
2.8.0	<=	py311-tensorflow	<	2.8.1
2.9.0	<=	py311-tensorflow	<	2.9.2
		py37-tensorflow	<	2.7.2
2.8.0	<=	py37-tensorflow	<	2.8.1
2.9.0	<=	py37-tensorflow	<	2.9.2
		py38-tensorflow	<	2.7.2
2.8.0	<=	py38-tensorflow	<	2.8.1
2.9.0	<=	py38-tensorflow	<	2.9.2
		py39-tensorflow	<	2.7.2
2.8.0	<=	py39-tensorflow	<	2.8.1
2.9.0	<=	py39-tensorflow	<	2.9.2

Details

VuXML ID	52311651-f100-4720-8c62-0887dad6d321
Discovery	2022-09-16
Entry	2023-04-09

Jingyi Shi reports:

The 'AvgPoolOp' function takes an argument `ksize` that must be positive but is not checked.

A negative `ksize` can trigger a `CHECK` failure and crash the program.

[source]

References

CVE Name	CVE-2022-35941
URL	https://osv.dev/vulnerability/GHSA-mgmh-g2v6-mqw5

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.