CVE-2021-41221
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, input_h and input_c parameters are n...
CVE-2021-41213
TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...
CVE-2021-41216
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...
PYSEC-2021-629
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...
Stack overflow
TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault if an attacker supplies negative arguments. This occurs whenever size_splits contains more than one value and at least one value is negative. The fix will be include...
PYSEC-2021-637
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given...
PYSEC-2021-630
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, input_h and input_c parameters are n...
Heap overflow
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, input_h and input_c parameters are n...
PYSEC-2021-622
TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...
Stack overflow
TensorFlow is an open source platform for machine learning. In affected versions the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation...
Code injection
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given...
Stack overflow
TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...
Heap overflow
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...
PYSEC-2021-625
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...
CVE-2021-41222
TensorFlow SplitV vulnerability (CVE-2021-41222) causes a segmentation fault when size_splits contains more than one value and at least one value is negative. Affected TensorFlow versions include those in the 2.x series referenced for backporting fixes; the issue is resolved by the TensorFlow 2.7...
CVE-2021-41228
CVE-2021-41228 affects TensorFlow’s saved_model_cli, where user-supplied strings are passed to eval, enabling code injection. The vulnerability exists in affected TensorFlow releases’ saved_model_cli tool and can allow arbitrary code execution on the host where the CLI runs. Public documentation ...
CVE-2021-41220 Use after free in `CollectiveReduceV2`
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...
CVE-2021-41220
CVE-2021-41220 (TensorFlow): The vulnerability affects TensorFlow's async CollectiveReduceV2, causing a memory leak and use-after-free when objects moved via std::move are still accessed during asynchronous processing. The issue path is described in the CVE entry and related advis...
CVE-2021-41221 Access to invalid memory during shape inference in `Cudnn*` ops
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, input_h and input_c parameters are n...
CVE-2021-41221
TensorFlow’s CVE-2021-41221 relates to a heap-based memory access in the shape inference code for Cudnn* ops. Root cause: ranks of input, input_h, and input_c are not validated, allowing invalid memory access. Fix planned for TensorFlow 2.7.0 with cherry-picks to 2.6.1, 2.5.2, and 2.4.4. Remediat...