3086 matches found
CVE-2022-29208
TensorFlow CVE-2022-29208: The tf.raw_ops.EditDistance implementation has incomplete validation, allowing crafted negative values to cause an out-of-bounds write and segmentation-fault based DoS. Affected versions are 2.6.4, 2.7.2, 2.8.1, and 2.9.0; patches exist and fixes are included in 2.9.0 (...
CVE-2022-29208 Segfault and Out-of-bounds Write write due to incomplete validation in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...
CVE-2022-29208 Segfault and Out-of-bounds Write write due to incomplete validation in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...
CVE-2022-29205 Segfault due to missing support for quantized types in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types, which was added after migration to...
CVE-2022-29205
TensorFlow CVE-2022-29205 affects the TensorFlow project where calling tf.compat.v1.* ops that do not yet support quantized types can dereference a null value in ParseDimensionValue, leading to a segfault and potential DoS. Public details specify affected versions are prior to 2.9.0, 2.8.1, 2.7.2...
CVE-2022-29207
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but...
CVE-2022-29197
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...
CVE-2022-29198
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...
CVE-2022-29196
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29193
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
Stack overflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...
Stack overflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
Stack overflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
Null pointer dereference
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but...
Stack overflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code...
CVE-2022-29206 Missing validation results in undefined behavior in `SparseTensorDenseAdd` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments. In this case, a reference gets bound to a nullptr during kernel execution. This is...
CVE-2022-29206 Missing validation results in undefined behavior in `SparseTensorDenseAdd` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments. In this case, a reference gets bound to a nullptr during kernel execution. This is...
CVE-2022-29206
CVE-2022-29206 involves TensorFlow’s tf.raw_ops.SparseTensorDenseAdd, where input argument validation is insufficient, causing a reference to a nullptr during kernel execution and resulting in undefined behavior. Affected releases include TensorFlow versions prior to 2.9.0, and also 2.8.1, 2.7.2,...
CVE-2022-29207
CVE-2022-29207 affects TensorFlow. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations can misbehave in eager mode when the provided resource handle is invalid, binding a reference to a null pointer and causing undefined behavior. In graph mode, these API calls were n...
CVE-2022-29207 Undefined behavior when users supply invalid resource handles in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but...