CVE-2022-41902

CVE-2022-41902 in TensorFlow describes an out-of-bounds read/crash caused by MakeGrapplerFunctionItem input-size handling. A GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7 fixes the issue, and the fix will be released in TensorFlow 2.11.0. The same patch has been cherry-picked to TensorFl...

CVE-2022-41910

TensorFlow CVE-2022-41910 affects MakeGrapplerFunctionItem: if input sizes are >= output sizes, it triggers out-of-bounds memory reads or a crash. A fix was committed (a65411a1d69edfb16b25907ffb8f73556ce36bb7) and will be included in TensorFlow 2.11.0, with cherry-picks planned for 2.8.4, 2.9....

CVE-2022-41902 Out of bounds write in grappler in Tensorflow

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...

Google TensorFlow has an unspecified vulnerability (CNVD-2023-15772)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc...

Google TensorFlow has an unspecified vulnerability (CNVD-2023-15773)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc...

Octopii - An AI-powered Personal Identifiable Information (PII) Scanner

Octopii is an open-source AI-powered Personal Identifiable Information PII scanner that can look for image assets such as Government IDs, passports, photos and signatures in a directory. Working Octopii uses Tesseract's Optical Character Recognition OCR and Keras' Convolutional Neural Networks CN...

Google TensorFlow code issue vulnerability (CNVD-2022-80679)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which results from pywrap code failing to parse a tensor and returning an uncaught "nullptr" if a list of quantified tensors is assigned to an...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15778)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from the fact that input encoded to an invalid CompositeTensorVariant tensor will trigger a segment error in tf...

Google TensorFlow code issue vulnerability (CNVD-2022-80685)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which stems from a logical error in the organization of data, where the conversion from char to bool is undefined if the const char array is not 0...

Google TensorFlow buffer overflow vulnerability (CNVD-2022-80680)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in Google TensorFlow, which stems from tf.rawops.ResizeNearestNeighborGrad's lack of length size validation of the input data. validation, an attacker could exploi...

Google TensorFlow tf.keras.losses.poisson buffer overflow vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow versions 2.9.0 and later, and versions prior to 2.9.3, which stems from a lack of proper validation of user-supplied data in...

Google TensorFlow BaseCandidateSamplerOp Buffer Error Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer error vulnerability exists in Google TensorFlow versions prior to 2.8.4, 2.9.0 and later, and prior to 2.9.3, which stems from a lack of validation of user-supplied data in the...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15780)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google TensorFlow is vulnerable to an input validation error that could be exploited by an attacker to cause a denial of service...

Google TensorFlow buffer overflow vulnerability (CNVD-2022-80696)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google TensorFlow is vulnerable to a buffer overflow vulnerability that originates when an operation with a specified input size receives a different number of inputs, and the executor will crash. No...

org.apache.hama:hama-examples (>=0.4.0-incubating <=0.7.1), org.apache.hama:hama-graph (>=0.4.0-incubating <=0.7.1) +3 more potentially affected by CVE-2022-45470 via org.apache.hama:hama-core (>=0.4.0-incubating <=0.7.1)

org.apache.hama:hama-core MAVEN version =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.7.0, =0.5.0, =0.7.0, =0.7.1 Source cves: CVE-2022-45470 Source advisory: OSV:GHSA-4WFH-48V4-3R84...

マイクロソフト 機械学習 メンバーシップ推論コンペティション (MICO) の発表

本ブログは、Announcing the Microsoft Machine Learning Membership Inference Competition MICOの抄訳版です。最新の情報は原文を参照してく...

CVE-2022-41909

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...

CVE-2022-41907

TensorFlow is an open source platform for machine learning. When tf.rawops.ResizeNearestNeighborGrad is given a large size input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick...

CVE-2022-41908

TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also...

CVE-2022-41900

TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMaxAVGPool with illegal poolingratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote...