29 matches found
EUVD-2021-0319
Malware in sbrugna...
CVE-2021-29578
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...
SUSE CVE-2021-29578
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...
SUSE CVE-2022-35963
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...
TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad`
Impact The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. python import tensorflow as tf overlapping = True originputtensorshape =...
CVE-2022-35963
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...
CVE-2022-35963 `CHECK` failures in `FractionalAvgPoolGrad` in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...
CVE-2022-35963 `CHECK` failures in `FractionalAvgPoolGrad` in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...
CVE-2022-35963
TensorFlow FractionalAvgPoolGrad is vulnerable due to incomplete validation of orig_input_tensor_shape, allowing an overflow that can trigger a CHECK failure and deny service. The issue is fixed in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad and will be included in TensorFlow 2.10.0; t...
PT-2022-23062 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The implementation of FractionalAvgPoolGrad does not fully validate the input...
Google TensorFlow buffer overflow vulnerability (CNVD-2022-11506)
Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow suffers from a buffer overflow vulnerability that stems from the fact that the implementation of FractionalAvgPoolGrad does not account for invalid input tensor, which can be exploited ...
Out of bounds read in Tensorflow
Impact The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap: python import tensorflow as tf @tf.function def test: y = tf.rawops.FractionalAvgPoolGrad originputtensorshape=2,2,2,2,...
CVE-2022-21730
Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
PYSEC-2022-109
Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
PYSEC-2022-109
Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
Out-of-bounds
Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
CVE-2022-21730 Out of bounds read in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow suffers from a buffer overflow vulnerability that stems from the fact that the implementation of FractionalAvgPoolGrad does not account for invalid input tensor, which can be exploited ...
PT-2022-15070 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The implementation of FractionalAvgPoolGrad does not consider cases where the...
GHSA-HPV4-7P9C-MVFR Heap buffer overflow in `FractionalAvgPoolGrad`
Impact The implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers: python import tensorflow as tf tf.rawops.FractionalAvgPoolGrad originputtensorshape=0,1,2,3, outbackprop = np.array541,541,541,541, rowpoolingsequence=0, 0...