48 matches found
CVE-2022-23591 Stack overflow in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This...
CVE-2022-23591
TensorFlow’s GraphDef format allows self-recursive functions, which can cause a stack overflow when loading a SavedModel. Multiple sources (CVE-2022-23591 and related OSV/GHSA entries) describe the underlying issue as a self-recursive function in GraphDef leading to unbounded resolution of NodeDe...
CVE-2022-23591 Stack overflow in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This...
CVE-2022-23591
Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This...
PT-2022-16107 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.7.0 through 2.7.0 and versions prior to 2.8.0 Description: A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error a...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that can be exploited by an attacker to change the format of the SavedModel on disk to invalidate these assumptions, and then...
PT-2022-16111 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions prior to 2.7.1 Description: The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes...
Google TensorFlow 资源管理错误漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a resource management error vulnerability that stems from the GraphDef format in TensorFlow not allowing self-recursive functions. No detailed vulnerability detail...