924 matches found
BIT-TENSORFLOW-2021-29556 Division by 0 in `Reverse`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.Reverse. This is because the...
BIT-TENSORFLOW-2021-29557 Division by 0 in `SparseMatMul`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...
BIT-TENSORFLOW-2021-29558 Heap buffer overflow in `SparseSplit`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...
BIT-TENSORFLOW-2021-29559 Heap OOB access in unicode ops
TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...
BIT-TENSORFLOW-2021-29562 CHECK-fail in `tf.raw_ops.IRFFT`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.IRFFT. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,...
BIT-TENSORFLOW-2021-29563 CHECK-fail in `tf.raw_ops.RFFT`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination...
BIT-TENSORFLOW-2021-29564 Null pointer dereference in `EditDistance`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance. This is because the...
BIT-TENSORFLOW-2021-29565 Null pointer dereference in `SparseFillEmptyRows`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...
BIT-TENSORFLOW-2021-29567 Lack of validation in `SparseDenseCwiseMul`
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.SparseDenseCwiseMul, an attacker can trigger denial of service via CHECK-fails or accesses to outside the bounds of heap allocated data. Since the...
BIT-TENSORFLOW-2021-29568 Reference binding to null in `ParameterizedTruncatedNormal`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...
BIT-TENSORFLOW-2021-29569 Heap out of bounds read in `RequantizationRange`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...
BIT-TENSORFLOW-2021-29570 Heap out of bounds read in `MaxPoolGradWithArgmax`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...
BIT-TENSORFLOW-2021-29572 Reference binding to nullptr in `SdcaOptimizer`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...
BIT-TENSORFLOW-2021-29575 Overflow/denial of service in `tf.raw_ops.ReverseSequence`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...
BIT-TENSORFLOW-2021-29577 Heap buffer overflow in `AvgPool3DGrad`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...
BIT-TENSORFLOW-2021-29578 Heap buffer overflow in `FractionalAvgPoolGrad`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...
BIT-TENSORFLOW-2021-29582 Heap OOB read in `tf.raw_ops.Dequantize`
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...
BIT-TENSORFLOW-2021-29583 Heap buffer overflow and undefined behavior in `FusedBatchNorm`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The...
BIT-TENSORFLOW-2021-29584 CHECK-fail due to integer overflow
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...
BIT-TENSORFLOW-2021-29587 Division by zero in TFLite's implementation of `SpaceToDepth`
TensorFlow is an end-to-end open source platform for machine learning. The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before divisionhttps://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/spacetodepth.ccL63-L67. An...