CVE-2022-35982 Segfault in `SparseBincount` in TensorFlow

TensorFlow is an open source platform for machine learning. If SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +182 more potentially affected by CVE-2022-35995 via tensorflow-gpu (>=1.10.1 <=2.7.0)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-35995 Source advisory: OSV:GHSA-G9H5-VR8M-X2H4...

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +182 more potentially affected by CVE-2022-35987 via tensorflow-gpu (>=1.10.1 <=2.7.0)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-35987 Source advisory: OSV:GHSA-W62H-8XJM-FV49...

CVE-2022-35981 `CHECK` fail in `FractionalMaxPoolGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. FractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack. We have patched the issue in GitHu...

CVE-2022-35971

TensorFlow is an open source platform for machine learning. If FakeQuantWithMinMaxVars is given min or max tensors of a nonzero rank, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35965

TensorFlow is an open source platform for machine learning. If LowerBound or UpperBound is given an emptysortedinputs input, it results in a nullptr dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

Stack overflow

TensorFlow is an open source platform for machine learning. If FakeQuantWithMinMaxVars is given min or max tensors of a nonzero rank, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

Stack overflow

TensorFlow is an open source platform for machine learning. If QuantizedMatMul is given nonscalar input for: mina, maxa, minb, or maxb It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. T...

Stack overflow

TensorFlow is an open source platform for machine learning. If QuantizedAdd is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89...

Stack overflow

TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35979 Segfault in `QuantizedRelu` and `QuantizedRelu6`

TensorFlow is an open source platform for machine learning. If QuantizedRelu or QuantizedRelu6 are given nonscalar inputs for minfeatures or maxfeatures, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35979

CVE-2022-35979 affects TensorFlow. When QuantizedRelu or QuantizedRelu6 receive nonscalar inputs for min_features or max_features, a segfault can be triggered, leading to a denial of service. A fix was committed (49b3824d83af706df0ad07e4e677d88659756d89) and will be included in TensorFlow 2.10.0....

CVE-2022-35974

Summary: CVE-2022-35974 affects TensorFlow via QuantizeDownAndShrinkRange when given nonscalar input_min/input_max, causing a segfault and a potential denial of service. The issue has been patched in commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613 and the fix will be included in TensorFlow 2.10.0...

CVE-2022-35974 Segfault in `QuantizeDownAndShrinkRange` in TensorFlow

TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35972 Segfault in `QuantizedBiasAdd` in TensorFlow

TensorFlow is an open source platform for machine learning. If QuantizedBiasAdd is given mininput, maxinput, minbias, maxbias tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35972

TensorFlow CVE-2022-35972 concerns a segfault in QuantizedBiasAdd when given min_input, max_input, min_bias, max_bias with a nonzero rank, leading to a denial of service. A patch was applied in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0, with the fix slated for TensorFlow 2.10.0. The ...

CVE-2022-35973

CVE-2022-35973 affects TensorFlow and is caused when QuantizedMatMul receives nonscalar inputs for min_a, max_a, min_b, or max_b, leading to a segfault that can trigger a denial of service. The fix was implemented in a GitHub commit (aca766ac7693bf29ed0df55ad6bfcc78f35e7f48) and will be included ...

CVE-2022-35969

TensorFlow CVE-2022-35969 stems from Conv2DBackpropInput requiring input_sizes to be 4-dimensional; non-conforming input can trigger a CHECK failure that allows denial of service. A fix was committed (50156d547b9a1da0144d7babe665cf690305b33c) and will be included in TensorFlow 2.10.0, with cherry...

CVE-2022-35970 Segfault in `QuantizedInstanceNorm` in TensorFlow

TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e...

CVE-2022-35968 `CHECK` fail in `AvgPoolGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...