Towards Automated Pentesting with Large Language Models

Large Language Models LLMs are redefining offensive cybersecurity by allowing the generation of harmful machine code with minimal human intervention. While attackers take advantage of dark LLMs such as XXXGPT and WolfGPT to produce malicious code, ethical hackers can follow similar approaches to...

CVE-2023-25662

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

ZK-SERIES: Privacy-Preserving Authentication Using Temporal Biometric Data

Biometric authentication relies on physiological or behavioral traits that are inherent to a user, making them difficult to lose, forge or forget. Biometric data with a temporal component enable the following authentication protocol: recent readings of the underlying biometrics are encoded as tim...

TensorFlow vulnerable to integer overflow in EditDistance

...

AZL-35307 CVE-2023-25662 affecting package tensorflow for versions less than 2.11.1-1

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

GHSA-7JVM-XXMR-V5CW TensorFlow vulnerable to integer overflow in EditDistance

Impact TFversion 2.11.0 //tensorflow/core/ops/arrayops.cc:1067 const Tensor hypothesisshapet = c-inputtensor2; std::vector dimshypothesisshapet-NumElements - 1; for int i = 0; i MakeDimstd::maxhvaluesi, tvaluesi; if hypothesisshapet is empty, hypothesisshapet-NumElements - 1 will be integer...

PT-2023-20223 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 Description: The issue is related to an integer overflow in the EditDistance function of TensorFlow, which can cause a deadlock when the hypothesis shape t is empty. This...

SUSE CVE-2022-29208

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...

GHSA-2R2F-G8MW-9GVR Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow

Impact The implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service: python import tensorflow as tf hypothesisindices = tf.constant-1250999896764, shape=3, 3, dtype=tf.int64 hypothesisvalues =...

CVE-2022-29208

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...

PT-2022-19460 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: The implementation of tf.raw ops.EditDistance has incomplete validation, allowing users t...

GHSA-75F6-78JR-4656 Null pointer dereference in `EditDistance`

Impact An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance: python import tensorflow as tf hypothesisindices = tf.constant247, 247, 247, shape=1, 3, dtype=tf.int64 hypothesisvalues = tf.constant-9.9999, shape=1, dtype=tf.float32 hypothesisshape =...

PYSEC-2021-690

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance. This is because the...

PYSEC-2021-201

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance. This is because the...

PYSEC-2021-201

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance. This is because the...

CVE-2021-29564

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance. This is because the...

Clustering App Attacks with Machine Learning Part 2: Calculating Distance

In our previous post in this series we discussed our motivation to cluster attacks on apps, the data we used and how we enriched it by extracting more meaningful features out of the raw data. We talked about the many features that can be extracted from IP and URL. In this blog post we’ll discuss...