26 matches found
EUVD-2021-0258
Malware in sbrugna...
CVE-2021-29517
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...
BIT-TENSORFLOW-2021-29517 Division by zero in `Conv3D`
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...
SUSE CVE-2021-29517
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...
SUSE CVE-2021-29522
TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow. The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if...
GHSA-HX9Q-2MX4-M4PG Missing validation causes denial of service via `Conv3DBackpropFilterV2`
Impact The implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.strings.unsortedsegmentjoin inputs='123', segmentids=0, numsegments=-1...
GHSA-5V77-J66X-4C4G Missing validation causes denial of service via `Conv3DBackpropFilterV2`
Impact The implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.Conv3DBackpropFilterV2 input=tf.constant.5053710941,...
GHSA-C968-PQ7H-7FXV Division by 0 in `Conv3DBackprop*`
Impact The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0: python import tensorflow as tf inputsizes = tf.constant0, 0, 0, 0, 0, shape=5, dtype=tf.int32 filtertensor = tf.constant, shape=0, 0, 0, 1, 0,...
GHSA-WCV5-QRJ6-9PFM Heap buffer overflow in `Conv3DBackprop*`
Impact Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows: python import tensorflow as tf inputsizes = tf.constant1, 1, 1, 1, 2, shape=5, dtype=tf.int32 filtertensor = tf.constant734.6274508233133, -10.0, -10.0, -10.0, -10.0, -10.0,...
GHSA-772P-X54P-HJRV Division by zero in `Conv3D`
Impact A malicious user could trigger a division by 0 in Conv3D implementation: python import tensorflow as tf inputtensor = tf.constant, shape=0, 0, 0, 0, 0, dtype=tf.float32 filtertensor = tf.constant, shape=0, 0, 0, 0, 0, dtype=tf.float32 tf.rawops.Conv3Dinput=inputtensor, filter=filtertensor,...
Division by zero in `Conv3D`
Impact A malicious user could trigger a division by 0 in Conv3D implementation: python import tensorflow as tf inputtensor = tf.constant, shape=0, 0, 0, 0, 0, dtype=tf.float32 filtertensor = tf.constant, shape=0, 0, 0, 0, 0, dtype=tf.float32 tf.rawops.Conv3Dinput=inputtensor, filter=filtertensor,...
Google TensorFlow divide-by-zero error vulnerability (CNVD-2021-36561)
Google TensorFlow is an end-to-end open source machine learning platform. A divide-by-zero error vulnerability exists in the Conv3D implementation in TensorFlow versions prior to 2.5.0. An attacker could exploit the vulnerability to cause the program to crash...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. A division by zero undefined behavior in Conv3D occurs because it performs a modulo operation based on user controlled input, allowing an attacker to crash the application...
CVE-2021-29517
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...
PYSEC-2021-450
TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...
PYSEC-2021-648
TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...
PYSEC-2021-154
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...
PYSEC-2021-445
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...
PYSEC-2021-154
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...