7043 matches found
PYSEC-2021-574
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boostedtreescreatequantilestreamresource by using negative arguments. The implementation does not validate that numstreams only contains non-negative numbers. I...
PYSEC-2021-567
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.rawops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build. Th...
PYSEC-2021-577
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that...
CVE-2021-37646
CVE-2021-37646 affects TensorFlow: the StringNGrams implementation can overflow when converting a negative, signed ngram_width to an unsigned size during a reserve call, enabling a potential denial-of-service condition. The root cause is a signed-to-unsigned conversion in TF’s string buffer alloc...
CVE-2021-37661
Summary: CVE-2021-37661 affects TensorFlow and causes a denial of service via the boosted_trees_create_quantile_stream_resource path when a negative number of streams is supplied. The code does not validate that num_streams is non-negative before using it to reserve memory, leading to an implicit...
CVE-2021-37661 Crash caused by integer conversion to unsigned in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boostedtreescreatequantilestreamresource by using negative arguments. The implementation does not validate that numstreams only contains non-negative numbers. I...
CVE-2021-37645
TensorFlow CVE-2021-37645 affects affected TF versions prior to 2.6.0 and is caused by an integer overflow in tf.raw_ops.QuantizeAndDequantizeV4Grad when converting a signed axis to unsigned for the absl::InlinedVector constructor, leading to memory allocation based on a large value. A GitHub com...
CVE-2021-37651
TensorFlow: The FractionalAvgPoolGrad path has a heap-based buffer overflow when handling empty inputs, caused by not validating that the input tensor is non-empty. The implementation constructs an empty EigenDoubleMatrixMap and accesses out-of-bounds buffers. A patch was committed (0f931751fb20f...
CVE-2021-37650 Segfault and heap buffer overflow in `{Experimental,}DatasetToTFRecord` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...
CVE-2021-37650
CVE-2021-37650 affects TensorFlow where the implementations tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord can trigger a heap-based buffer overflow and segmentation fault because records are assumed to be strings but may be numeric. The GNOTO advisory in the Connected d...
CVE-2021-37662 Reference binding to nullptr in boosted trees in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...
CVE-2021-37662
CVE-2021-37662 stems from a TensorFlow vulnerability where a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and BoostedTreesCalculateBestFeatureSplitV2 may trigger undefined behavior due to input not being validated in stats_ops.cc. GitHub patches 9c87c32c7... and 429f00...
CVE-2021-37656
TensorFlow CVE-2021-37656 affects RaggedTensorToSparse, caused by incomplete validation of splits values which can bind a reference to a null pointer, leading to undefined behavior. The issue is addressed by a patch in the cited commit and will be included in TensorFlow 2.6.0, with backports to 2...
CVE-2021-37657 Reference binding to nullptr in `MatrixDiagV*` ops in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV. The implementation has incomplete validation that the value of k is a valid...
CVE-2021-37657
TensorFlow CVE-2021-37657 affects MatrixDiagV* operations where the implementation fails to validate the number of elements in k (tensor), allowing undefined behavior from a null pointer dereference. The issue is fixed in commit f2a673bd34f0d64b8e40a551ac78989d16daad09 and will be included in Ten...
CVE-2021-37658 Reference binding to nullptr in `MatrixSetDiagV*` ops in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixSetDiagV. The implementation has incomplete validation that the value of k is a...
CVE-2021-37658
CVE-2021-37658 affects TensorFlow and is tied to a null-pointer binding issue in tf.raw_ops.MatrixSetDiagV* due to incomplete validation of the tensor k. The vulnerability allows undefined behavior when an empty tensor is passed for k, as code accesses the first element without proper checks. The...
CVE-2021-37644
TensorFlow CVE-2021-37644 involves a local issue where providing a negative value in the num_elements argument to tf.raw_ops.TensorListReserve triggers a runtime abort when std::vector.resize is called with an invalid size. The vulnerability details are supported by a GitHub advisory describing t...
CVE-2021-37654
CVE-2021-37654 (TensorFlow) is tied to a Heap OOB read and a CHECK-fail in tf.raw_ops.ResourceGather when batch_dims can exceed the input rank. The issue stems from not validating batch_dims, causing out-of-bounds reads via multiple loops over tensor dimensions. A patch was committed (bc9c546ce70...
CVE-2021-37641
No public technical details are provided in the supplied documents; monitor for updates.