FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-tensorflow -- unchecked argument causing crash

Affected packages
py310-tensorflow < 2.7.2
2.8.0 <= py310-tensorflow < 2.8.1
2.9.0 <= py310-tensorflow < 2.9.2
py311-tensorflow < 2.7.2
2.8.0 <= py311-tensorflow < 2.8.1
2.9.0 <= py311-tensorflow < 2.9.2
py37-tensorflow < 2.7.2
2.8.0 <= py37-tensorflow < 2.8.1
2.9.0 <= py37-tensorflow < 2.9.2
py38-tensorflow < 2.7.2
2.8.0 <= py38-tensorflow < 2.8.1
2.9.0 <= py38-tensorflow < 2.9.2
py39-tensorflow < 2.7.2
2.8.0 <= py39-tensorflow < 2.8.1
2.9.0 <= py39-tensorflow < 2.9.2

Details

VuXML ID 52311651-f100-4720-8c62-0887dad6d321
Discovery 2022-09-16
Entry 2023-04-09

Jingyi Shi reports:

The 'AvgPoolOp' function takes an argument `ksize` that must be positive but is not checked.

A negative `ksize` can trigger a `CHECK` failure and crash the program.

References

CVE Name CVE-2022-35941
URL https://osv.dev/vulnerability/GHSA-mgmh-g2v6-mqw5