Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44174)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from the fact that tf.rawops.SparseTensorToCSRSparseMatrix does not ful...

Google TensorFlow Code Injection Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code injection vulnerability exists in TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, with no detailed vulnerability details provided at this time...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44209)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the presence of a non-numeric...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2022-44210)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow version 2.8.0, which stems from the TensorKey hash function using the very poorly implemented constant hash function AllocatedBytes for total...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2022-44211)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from incorrect logic when comparing sizet when writi...

CVE-2022-29211

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain Not a Number NaN elements. The implementation assumes that all floating point operation...

CVE-2022-29213

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Versions 2.9.0, 2.8.1, 2.7.2,...

CVE-2022-29212

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could b...

CVE-2022-29210

TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through...

Type confusion

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of t...

Stack overflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain Not a Number NaN elements. The implementation assumes that all floating point operation...

Stack overflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could b...

Design/Logic Flaw

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Versions 2.9.0, 2.8.1, 2.7.2,...

Code injection

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's savedmodelcli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...

Stack overflow

TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through...

CVE-2022-29216 Code injection in `saved_model_cli` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's savedmodelcli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...

CVE-2022-29216 Code injection in `saved_model_cli` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's savedmodelcli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...

CVE-2022-29213

TensorFlow vulnerability CVE-2022-29213 arises from missing input validation in tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d, which can trigger CHECK failures and crashes under certain conditions. Public details cover affected TF releases: 2.6.4, 2.7.2, 2.8.1, and 2.9.0, with a patch...

CVE-2022-29213 Incomplete validation in signal ops leads to crashes in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Versions 2.9.0, 2.8.1, 2.7.2,...

CVE-2022-29210

CVE-2022-29210 affects TensorFlow 2.8.0, where TensorKey's hash using AllocatedBytes() and tensor.data() can cause a heap-buffer/ASAN-related issue leading to a denial of service. The issue is patched in TensorFlow 2.9.0 and also back-ported to 2.8.1. IBM Watson Discovery bulletin and OSV entries...