3086 matches found
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedMul. This is because the...
Input validation
TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...
PYSEC-2021-513
TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSizehttps://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.hL43-L55, does not check that the...
PYSEC-2021-532
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtablelookup.ccL114-L115 ...
PYSEC-2021-531
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of...
PYSEC-2021-443
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...
PYSEC-2021-542
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. The implementation of the padded...
PYSEC-2021-446
TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...
PYSEC-2021-449
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...
PYSEC-2021-472
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the...
PYSEC-2021-447
TensorFlow is an end-to-end open source platform for machine learning. The API of tf.rawops.SparseCross allows combinations which would result in a CHECK-failure and denial of service. This is because the...
PYSEC-2021-469
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...
PYSEC-2021-474
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...
PYSEC-2021-453
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropInput. This is because the...
PYSEC-2021-445
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...
PYSEC-2021-460
TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...
CVE-2021-29513
TensorFlow vulnerability CVE-2021-29513 arises when calling TF operations with tensors of non-numeric types, causing a null pointer dereference due to a type confusion in the Python-to-C++ array conversion (ndarray_tensor.cc). Root cause: PyArray_DESCR_to_TF_DataType path can dereference NULL in ...
CVE-2021-29514
TensorFlow RaggedBincount vulnerability (CVE-2021-29514) in the RaggedBincount kernel can cause a heap out-of-bounds write when the splits argument references an invalid SparseTensor, leading to a write at out(-1, bin). The issue is triggered by setting splits(0) to 7, causing batch_idx to remain...