153 matches found
SUSE CVE-2022-29192
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...
SUSE CVE-2022-36026
TensorFlow is an open source platform for machine learning. If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713...
GHSA-FRQP-WP83-QGGV Heap overflow in `QuantizeAndDequantizeV2`
Impact The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. python import tensorflow as tf @tf.function def test:...
CVE-2022-36026
TensorFlow is an open source platform for machine learning. If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713...
GHSA-9CR2-8PWR-FHFQ TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`
Impact If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf signedinput = True rangegiven = False narrowrange = False axis = -1 input = tf.constant-3.5, shape=1,...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow, which stems from the fact that if QuantizeAndDequantizeV3 is given a non-scalar numbits input tensor, it will cause t...
GHSA-H2WQ-PRV9-2F56 Missing validation crashes `QuantizeAndDequantizeV4Grad`
Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...
CVE-2022-29192
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...
PT-2022-19444
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description The implementation of tf.raw ops.QuantizeAndDequantizeV4Grad does not fully validate the...
Google TensorFlow输入验证错误漏洞
Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to an input validation error in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which originates in tf.rawops QuantizeAndDequantizeV4Grad does not fully validate the input parameters and c...
DEBIAN-CVE-2021-34085
Read access violation in the IIIdequantizesample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and...
Google TensorFlow buffer overflow vulnerability (CNVD-2022-11509)
Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow has a buffer overflow vulnerability that stems from the fact that Dequantize's implementation does not fully validate the value of axis, which can be exploited by an attacker to caus...
GHSA-C6FH-56W7-FVJW Integer overflow in Tensorflow
Impact The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness: python import tensorflow as tf input = tf.constant1,1,dtype=tf.qint32 @tf.function def test: y = tf.rawops.Dequantize input=input, minrange=1.0, maxrange=10.0, mode='MINCOMBINED',...
Integer overflow in Tensorflow
Impact The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness: python import tensorflow as tf input = tf.constant1,1,dtype=tf.qint32 @tf.function def test: y = tf.rawops.Dequantize input=input, minrange=1.0, maxrange=10.0, mode='MINCOMBINED',...
GHSA-23HM-7W47-XW72 Out of bounds read in Tensorflow
Impact The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses: python import tensorflow as tf @tf.function def test: y = tf.rawops.Dequantize input=tf.constant1,1,dtype=tf.qint32, minrange=1.0, maxrange=10.0, mode='MINCOMBINED',...
Out of bounds read in Tensorflow
Impact The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses: python import tensorflow as tf @tf.function def test: y = tf.rawops.Dequantize input=tf.constant1,1,dtype=tf.qint32, minrange=1.0, maxrange=10.0, mode='MINCOMBINED',...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. The vulnerability exists due to the lack of validation of the value of axis and an out-of-bound access allowing an attacker to crash the system via the implementation of Dequantize...
CVE-2022-21726
Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...
PYSEC-2022-105
Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...
PYSEC-2022-51
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...