CVE-2022-41899

TensorFlow is an open source platform for machine learning. Inputs densefeatures or examplestatedata not of rank 2 will trigger a CHECK fail in SdcaOptimizer. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will...

GHSA-WXJJ-CGCX-R3VQ TensorFlow vulnerable to `CHECK` failures in `AvgPool3DGrad`

Impact The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf ksize = 1, 1, 1, 1, 1 strides = 1, 1, 1, 1, 1 padding ...

CVE-2022-36003

TensorFlow is an open source platform for machine learning. When RandomPoissonV2 receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included i...

GHSA-MGMH-G2V6-MQW5 TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`

Impact The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. python import tensorflow as tf import numpy as np value = np.ones1, 1, 1, 1 ksize = 1, 1e20, 1, 1 strides = 1, 1, 1, 1 padding = 'SAM...

CVE-2022-35952

TensorFlow is an open source platform for machine learning. The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program. It also requires its argument batchindex to contain three times the number of elements as...

GHSA-42VG-2Q93-FJ6J LIEF vulnerable to heap based buffer overflow via print_binary function

LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function printbinary at /c/machoreader.c. Commit 0033b6312fd311b2e45e379c04a83d77c1e58578 contains a patch...

GHSA-CPF4-WX82-GXP6 Segfault due to negative splits in `SplitV`

Impact The implementation of SplitV can trigger a segfault is an attacker supplies negative arguments: python import tensorflow as tf tf.rawops.SplitV value=tf.constant, sizesplits=-1, -2 ,axis=0, numsplit=2 This occurs whenever sizesplits contains more than one value and at least one value is...

GHSA-27J5-4P9V-PP67 `std::abort` raised from `TensorListReserve`

Impact Providing a negative element to numelements list argument of tf.rawops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements: python import tensorflow as tf tf.rawops.TensorListReserve elementshape = tf.constant1,...

GHSA-Q3G3-H9R4-PRRC Reference binding to nullptr and heap OOB in binary cwise ops

Impact An attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting e.g., gradients of binary cwise operations: python import tensorflow as tf tf.rawops.SqrtGrady=4, 16,dy= The implementation assumes that the two...

PYSEC-2021-306

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit...

PYSEC-2021-303

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a null pointer but GetTensorData assumes that the argument is always a valid tensor...

CVE-2021-32631

Common is a package of common modules that can be accessed by NIMBLE services. Common before commit number 3b96cb0293d3443b870351945f41d7d55cb34b53 did not properly verify the signature of JSON Web Tokens. This allows someone to forge a valid JWT. Being able to forge JWTs may lead to authenticati...

CVE-2021-32631

CVE-2021-32631 affects the NIMBLE Common package. Before commit 3b96cb0293d3443b870351945f41d7d55cb34b53, it did not properly verify JWT signatures, enabling forging of valid JWTs and potential authentication bypasses. A patch was introduced in that commit; as a workaround, the parseClaimsJws met...

GHSA-V52P-HFJF-WG88 Division by zero in TFLite's implementation of `SpaceToBatchNd`

Impact The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error: cc TFLITEENSUREEQcontext, finaldimsize % blockshapedim, 0; outputsize-datadim + 1 = finaldimsize / blockshapedim; An attacker can craft a model such that one dimension of the block input is ...

GHSA-J7RM-8WW4-XX2G Division by zero in TFLite's implementation of `SpaceToDepth`

Impact The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division. cc const int blocksize = params-blocksize; const int inputheight = input-dims-data1; const int inputwidth = input-dims-data2; int outputheight = inputheight / blocksize; int outputwidth = inputwidth ...

GHSA-26J7-6W8W-7922 Division by zero in optimized pooling implementations in TFLite

Impact Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling ComputePaddingHeightWidth. Since users can craft special models which will have params-strideheight,width be zero, this will result in a division by zero. Patches We have patched th...

GHSA-JHQ9-WM9M-CF89 CHECK-failure in `UnsortedSegmentJoin`

Impact An attacker can cause a denial of service by controlling the values of numsegments tensor argument for UnsortedSegmentJoin: python import tensorflow as tf inputs = tf.constant, dtype=tf.string segmentids = tf.constant, dtype=tf.int32 numsegments = tf.constant, dtype=tf.int32 separator = ''...

GHSA-VQW6-72R7-FGW7 OOB read in `MatrixTriangularSolve`

Impact The implementation of MatrixTriangularSolve fails to terminate kernel execution if one validation condition fails: cc void ValidateInputTensorsOpKernelContext ctx, const Tensor& in0, const Tensor& in1 override OPREQUIRES ctx, in0.dims = 2, errors::InvalidArgument"In0 ndims must be = 2: ",...

PT-2021-18367 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: The implementation of TrySimplify has undefined behavior due to dereferencing a null pointer i...

PYSEC-2020-325

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...