7040 matches found
CVE-2021-29532 Heap out of bounds read in `RaggedCross`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...
CVE-2021-29533
TensorFlow DrawBoundingBoxes (CVE-2021-29533) is affected by a CHECK_-driven input validation flaw that can crash the program when an empty image is passed. The root cause is input validation using CHECK_ instead of OP_REQUIRES, causing a negative max_box_row_clamp and a crash. The fix is include...
CVE-2021-29534
TensorFlow vulnerability CVE-2021-29534 concerns a CHECK-fail in tf.raw_ops.SparseConcat caused by using shapes[0] to define the output shape, leading to a denial of service via overflow in TensorShape initialization. Affected behavior occurs when shape dimensions are overflowed during InitDims/A...
CVE-2021-29535 Heap buffer overflow in `QuantizedMul`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...
CVE-2021-29535
CVE-2021-29535 affects TensorFlow’s QuantizedMul implementation. The vulnerability arises when four quantization thresholds are passed as inputs and may be empty tensors, causing a heap buffer overflow by accessing .flat()(0) on an empty buffer. This is rooted in the code path in quantized_mul_op...
CVE-2021-29536
TensorFlow’s CVE-2021-29536 is a heap buffer overflow in QuantizedReshape triggered when the input_min/input_max tensors are empty. The issue arises because code assumes scalar inputs and accesses .flat()(0), which overflows if the tensors contain no elements. The fix is included in TensorFlow 2....
CVE-2021-29537
CVE-2021-29537 affects TensorFlow: a heap buffer overflow in QuantizedResizeBilinear triggered by invalid quantization thresholds. Root cause is assuming two scalar inputs are valid and directly indexing their values; if min/max tensors are empty, accessing element 0 overflows. Public details con...
CVE-2021-29537 Heap buffer overflow in `QuantizedResizeBilinear`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization. This is because the...
CVE-2021-29538
TensorFlow CVE-2021-29538 concerns a division-by-zero in Conv2DBackpropFilter. The issue arises when shapes are empty, causing work_unit_size to be 0 and a divide operation to throw a runtime error, enabling potential denial-of-service conditions. Concrete details in connected docs specify the af...
CVE-2021-29539 Segfault in tf.raw_ops.ImmutableConst
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.ImmutableConsthttps://www.tensorflow.org/apidocs/python/tf/rawops/ImmutableConst with a dtype of tf.resource or tf.variant results in a segfault in the implementation as code assumes that the tensor contents...
CVE-2021-29539
TensorFlow CVE-2021-29539 describes a segfault in tf.raw_ops.ImmutableConst when dtype is tf.resource or tf.variant. Root cause: the implementation assumes scalar contents, leading to a crash. A fix was committed (4f663d4b8f0bec1b48da6fa091a7d29609980fa4) and TensorFlow 2.5.0 will include the pat...
CVE-2021-29540
TensorFlow CVE-2021-29540 describes a heap-based buffer overflow in Conv2DBackpropFilter caused by calculating the filter tensor size without validating it against filter_sizes. This mismatch can lead to out-of-bounds reads/writes when accessing the buffer. The issue affects multiple TensorFlow v...
CVE-2021-29540 Heap buffer overflow in `Conv2DBackpropFilter`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter. This is because the...
CVE-2021-29541
CVE-2021-29541 : TensorFlow StringNGrams vulnerability — the implementation of data_splits is not fully validated, allowing a null pointer dereference when ngram computation leads to zero/negative output size. This can cause a crash (null pointer dereference) on affected TensorFlow builds. A fix ...
CVE-2021-29541 Null pointer dereference in `StringNGrams`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...
CVE-2021-29542
Summary: CVE-2021-29542 affects TensorFlow’s StringNGrams function in tf.raw_ops. The vulnerability arises when input leads to a case where num_tokens is 0 and data_start_index equals 0 (left padding present), causing an out-of-bounds read of data[-1] in the loop that builds an n-gram, leading to...
CVE-2021-29544
TensorFlow vulnerability CVE-2021-29544 (QuantizeAndDequantizeV4Grad) is triggered by a rank-validation CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad, caused by inputs not being validated before passing to QuantizeAndDequantizePerChannelGradientImpl. The issue leads to denial of service vi...
CVE-2021-29545
CVE-2021-29545 concerns TensorFlow and describes a heap-based out-of-bounds issue in SparseTensorToCSRSparseMatrix caused by a double redirection when accessing csr_row_ptr via indices(i, 0) + 1. This can lead to a denial of service by writing outside heap data. The connected OSV/GHSA entries con...
CVE-2021-29546
CVE-2021-29546 concerns TensorFlow’s QuantizedBiasAdd. The issue arises from the Eigen kernel implementation in quantization_utils.h, which divides by the number of elements of the smaller input without guarding against zero, causing integer division by zero undefined behavior. Public details in ...
CVE-2021-29546 Division by 0 in `QuantizedBiasAdd`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...