
7046 matches found

CVE
added 2022/02/03 11:21 a.m. | 125 views

CVE-2022-21732

CVE-2022-21732 affects TensorFlow’s ThreadPoolHandle. The vulnerability stems from allowing an unbounded num_threads value (only checked to be non-negative), enabling memory exhaustion and a potential denial-of-service. A fix is available in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3 and...

6.5 CVSS | 5.3 AI score | 0.00753 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2022/02/03 11:21 a.m. | 18 views

CVE-2022-21732 Memory exhaustion in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory. This is because the num_threads argument is only checked to not be negative, but there is no upper bound on its value. Th...

4.3 CVSS | 6.3 AI score | 0.00753 EPSS
Exploits 1 | References 5

NVD
added 2022/02/03 11:15 a.m. | 27 views

CVE-2022-21728

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batch_dim and can result in a heap OOB read. There is a check to make sure the value of batch_dim does not go over the rank of the input, but there...

8.1 CVSS | 0.01108 EPSS
Exploits 1 | References 4

NVD
added 2022/02/03 11:15 a.m. | 19 views

CVE-2022-21730

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

8.1 CVSS | 0.00803 EPSS
Exploits 1 | References 3

NVD
added 2022/02/03 11:15 a.m. | 15 views

CVE-2022-21727

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

8.8 CVSS | 0.00649 EPSS
Exploits 1 | References 3

OSV
added 2022/02/03 11:15 a.m. | 17 views

PYSEC-2022-50

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

8.8 CVSS | 1.5 AI score | 0.00805 EPSS
Exploits 1 | References 3

Prion
added 2022/02/03 11:15 a.m. | 22 views

Integer overflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

6.5 CVSS | 8.8 AI score | 0.00649 EPSS
Exploits 1 | References 3 | Affected Software 1

Prion
added 2022/02/03 11:15 a.m. | 13 views

Out-of-bounds

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

5.5 CVSS | 7.8 AI score | 0.00803 EPSS
Exploits 1 | References 3 | Affected Software 1

Prion
added 2022/02/03 11:15 a.m. | 16 views

Design/Logic Flaw

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

6.5 CVSS | 8.8 AI score | 0.00805 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2022/02/03 11:15 a.m. | 18 views

PYSEC-2022-54

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

8.1 CVSS | 3.3 AI score | 0.00803 EPSS
Exploits 1 | References 3

OSV
added 2022/02/03 11:15 a.m. | 17 views

PYSEC-2022-52

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batch_dim and can result in a heap OOB read. There is a check to make sure the value of batch_dim does not go over the rank of the input, but there...

8.1 CVSS | 1.5 AI score | 0.01108 EPSS
Exploits 1 | References 4

Cvelist
added 2022/02/03 11:7 a.m. | 18 views

CVE-2022-21727 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

7.6 CVSS | 9.1 AI score | 0.00649 EPSS
Exploits 1 | References 3

Vulnrichment
added 2022/02/03 11:7 a.m. | 8 views

CVE-2022-21727 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

7.6 CVSS | 8.9 AI score | 0.00649 EPSS
Exploits 1 | References 3

CVE
added 2022/02/03 11:7 a.m. | 160 views

CVE-2022-21727

CVE-2022-21727 : TensorFlow’s Dequantize shape inference is vulnerable to an integer overflow because the axis bound is not checked before computing axis+1. The fix is to be included in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Remediation guidance across connected sources i...

8.8 CVSS | 8.2 AI score | 0.00649 EPSS
Exploits 1 | References 3 | Affected Software 1

CVE
added 2022/02/03 11:1 a.m. | 97 views

CVE-2022-21726

TensorFlow CVE-2022-21726 affects the Dequantize path, where axis validation is insufficient and can cause heap-out-of-bounds reads. The issue arises when axis is -1 (default) or any large positive value not checked against input dimensions, reading past the dimensions array. A fix is planned for...

8.8 CVSS | 8.4 AI score | 0.00805 EPSS
Exploits 1 | References 3 | Affected Software 1

CVE
added 2022/02/03 10:55 a.m. | 117 views

CVE-2022-21728

CVE-2022-21728 affects TensorFlow: ReverseSequence shape-inference can yield a heap-based out-of-bounds read because batch_dim is checked for being too large but not for negative values. The mitigation path is a forthcoming fix in TensorFlow 2.8.0, with cherry-picks into 2.7.1, 2.6.3, and 2.5.3. ...

8.1 CVSS | 8 AI score | 0.01108 EPSS
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2022/02/03 10:55 a.m. | 33 views

CVE-2022-21728 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batch_dim and can result in a heap OOB read. There is a check to make sure the value of batch_dim does not go over the rank of the input, but there...

8.1 CVSS | 8.3 AI score | 0.01108 EPSS
Exploits 1 | References 4

Cvelist
added 2022/02/03 10:48 a.m. | 25 views

CVE-2022-21730 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

8.1 CVSS | 8.2 AI score | 0.00803 EPSS
Exploits 1 | References 3

CVE
added 2022/02/03 10:48 a.m. | 91 views

CVE-2022-21730

Summary: CVE-2022-21730 describes an out-of-bounds read in TensorFlow’s FractionalAvgPoolGrad due to invalid input handling. This affects TensorFlow releases prior to the fixed patch and is resolved by the fix in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Affected component: ...

8.1 CVSS | 7.9 AI score | 0.00803 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2022/02/01 1:15 p.m. | 2 views

CVE-2021-24707

The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

4.8 CVSS | 5.8 AI score
Exploits 0 | References 1