Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
It is transitive dependency from Ubuntu base image.
https://github.com/tensorflow/serving/blob/master/tensorflow_serving/tools/docker/Dockerfile#L19
https://hub.docker.com/layers/library/ubuntu/22.04/images/sha256-ffa841e85005182836d91f7abd24ec081f3910716096955dcc1874b8017b96c9?context=explore
Remove the library if it is not called by Tensorflow or upgrade the Ubuntu base image where that vulnerability does not exist.
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
It is transitive dependency from Ubuntu base image.
https://github.com/tensorflow/serving/blob/master/tensorflow_serving/tools/docker/Dockerfile#L19
https://hub.docker.com/layers/library/ubuntu/22.04/images/sha256-ffa841e85005182836d91f7abd24ec081f3910716096955dcc1874b8017b96c9?context=explore
Remove the library if it is not called by Tensorflow or upgrade the Ubuntu base image where that vulnerability does not exist.