CVE-2022-35934: 
Python vulnerability analysis and mitigation

TensorFlow, an open-source platform for machine learning, was found to contain a vulnerability in the implementation of the tf.reshape operation (CVE-2022-35934). The vulnerability was discovered by Kang Hong Jin from Singapore Management University and was publicly disclosed on September 15, 2022. This issue affects TensorFlow versions prior to 2.10.0, including versions 2.7.x, 2.8.x, and 2.9.x (GitHub Advisory).

The vulnerability is related to a denial of service condition via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. The issue occurs when attempting to reshape a tensor with too many dimensions, which triggers an assertion failure and causes the application to crash. This vulnerability is classified as CWE-617 and represents another instance of a previously identified issue TFSA-2021-198 (GitHub Advisory).

When exploited, this vulnerability can lead to a denial of service condition through application crashes. The severity of this vulnerability is classified as Low, primarily affecting the availability of TensorFlow applications (GitHub Advisory).

The vulnerability has been patched in TensorFlow version 2.10.0, with backported fixes available in versions 2.7.4, 2.8.3, and 2.9.2. The fix implements additional input validation to check the number of dimensions before processing the reshape operation, as demonstrated in commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555 (GitHub Advisory, GitHub Commit).