Sep 02, 2021 - 6:05 p.m.

Security Bulletin: Multiple TensorFlow Vulnerabilities Affect IBM Watson Machine Learning on CP4D

2021-09-02 18:05:36
www.ibm.com

EPSS: 0.001 (Percentile: 41.6%)

Summary

TensorFlow is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D.

Vulnerability Details

CVEID: CVE-2021-29538
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by division by zero in Conv2DBackpropFilter. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29512
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in RaggedBinCount. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202091 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29516
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in tf.raw_ops.RaggedTensorToVariant. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202087 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29530
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by invalid validation in SparseMatrixSparseCholesky. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202081 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29534
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a CHECK-fail in SparseConcat. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202077 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29531
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a CHECK-fail in tf.raw_ops.EncodePng. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202080 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29535
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in QuantizedMul. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202076 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29513
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds write in RaggedBinCount. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202090 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29517
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by division by zero in Conv3D. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202086 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29514
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds write in RaggedBinCount. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202089 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29518
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by NULL pointer dereferences in session operations in eager mode. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202084 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29532
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds read in RaggedCross. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202079 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29536
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in QuantizedReshape. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202075 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29533
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a CHECK-fail in DrawBoundingBoxes. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202078 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29537
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in QuantizedResizeBilinear. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202074 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29515
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in MatrixDiag*. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202088 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-29529
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in tf.raw_ops.QuantizedResizeBilinear. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202082 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Watson Machine Learning on CP4D | 2.5, 3.0, 3.5, 4.0 |

Remediation/Fixes

Fix is available on IBM Watson Machine Learning on CP4D 4.0.1.
See: <https://www.ibm.com/support/producthub/icpdata/docs/content/SSQNUZ_latest/cpd/overview/whats-new.html#whats-new>

Workarounds and Mitigations

None
