{"id":"BIT-tensorflow-2022-23559","summary":"Integer overflow in TFLite","details":"Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version.","aliases":["CVE-2022-23559","GHSA-98p5-x8x4-c9m5","PYSEC-2022-123","PYSEC-2022-68"],"modified":"2025-05-20T10:02:07.006Z","published":"2024-03-06T11:15:29.040Z","database_specific":{"cpes":["cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","cpe:2.3:a:google:tensorflow:2.7.0:*:*:*:*:*:*:*"],"severity":"High"},"references":[{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23559"}],"affected":[{"package":{"name":"tensorflow","ecosystem":"Bitnami","purl":"pkg:bitnami/tensorflow"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.5.3"},{"introduced":"2.6.0"},{"fixed":"2.6.3"},{"introduced":"2.7.0"},{"fixed":"2.7.1"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/tensorflow/BIT-tensorflow-2022-23559.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.3"}