100 matches found
GHSA-MMQ6-Q8R3-48FM Crash in `tf.strings.substr` due to `CHECK`-fail
Impact: An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments: `import tensorflow as tf; tf.strings.substr(input='abc', len=1, pos=[1,-1])` and `import tensorflow as tf; tf.strings.substr(input='abc', len=1, pos=[1,2])`. Patches: We have received a patch fo...
CHECK-fail in SparseConcat
Impact: An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.SparseConcat: python import tensorflow as tf import numpy as np indices1 = tf.constant514, 514, 514, 514, dtype=tf.int64 indices2 = tf.constant514, 530, 599, 877, dtype=tf.int64 indices = indices1, indices2 values1 =...
CVE-2021-29544
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the rank of the input tensors. In turn, this results in the tensors...
Integer overflow
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail caused by an integer overflow in constructing a new tensor shape. This is because the...
Code injection
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...
PYSEC-2021-660
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.SparseConcat. This is because the...
PYSEC-2021-503
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...
PYSEC-2021-182
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in converting sparse tensors to CSR Sparse matrices. This is because the...
PYSEC-2021-471
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.CTCGreedyDecoder. This is because the...
PYSEC-2021-171
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.SparseConcat. This is because the...
PYSEC-2021-472
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad. This is because the...
CVE-2021-29523 CHECK-fail in AddManySparseToTensorsMap
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.AddManySparseToTensorsMap. This is because the...
CVE-2021-29617
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,...
CVE-2021-29561 CHECK-fail in `LoadAndRemapMatrix`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.raw_ops.LoadAndRemapMatrix. This is because the...
CVE-2021-29575 Overflow/denial of service in `tf.raw_ops.ReverseSequence`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...
CVE-2021-29531
CVE-2021-29531 affects TensorFlow and relates to a denial-of-service risk in PNG encoding when an attacker supplies an empty input tensor for pixel data. The issue stems from encode_png_op.cc validating only total pixel count and passing image data to png::WriteImageToBuffer, which calls CHECK_NO...
CVE-2021-29543
CVE-2021-29543 affects TensorFlow’s CTCGreedyDecoder with a CHECK_LT invariant in tf.raw_ops.CTCGreedyDecoder that can trigger a denial-of-service via abnormal termination. Connected sources provide concrete technical details: the issue resides in TensorFlow core/kernels/ctc_decoder_ops.cc lines ...
CVE-2021-29544
TensorFlow vulnerability CVE-2021-29544 (QuantizeAndDequantizeV4Grad) is triggered by a rank-validation CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad, caused by inputs not being validated before passing to QuantizeAndDequantizePerChannelGradientImpl. The issue leads to denial of service vi...
CVE-2021-29545
CVE-2021-29545 concerns TensorFlow and describes a heap-based out-of-bounds issue in SparseTensorToCSRSparseMatrix caused by a double redirection when accessing csr_row_ptr via indices(i, 0) + 1. This can lead to a denial of service by writing outside heap data. The connected OSV/GHSA entries con...
Microsoft Edge Chakra JIT CallRegExSymbolFunction Return Check Fail Exploit
Exploit for Windows platform in category dos / poc. Microsoft Edge: Chakra: JIT: CallRegExSymbolFunction doesn't check the return type. The "CallRegExSymbolFunction" method is used to call symbol functions in regexp objects. But it doesn't check the return value's type. Since the user can define th...