{"id":"CVE-2022-23593","summary":"Segfault in `simplifyBroadcast` in Tensorflow","details":"Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (and hence a denial of service) if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.","aliases":["BIT-tensorflow-2022-23593","GHSA-gwcx-jrx4-92w2","PYSEC-2022-102","PYSEC-2022-157"],"modified":"2026-04-10T04:44:50.454989Z","published":"2022-02-04T22:32:08Z","database_specific":{"cwe_ids":["CWE-754"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23593.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23593.json"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23593"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"c256c071bb26e1e13b4666d1b3e229e110bc914a"},{"fixed":"3f878cff5b698b82eea85db2b60d65a2e320850e"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23593.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}