Null pointer dereference
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The implementation unconditionally dereferences a pointer. We have...
PYSEC-2021-601
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The implementation unconditionally dereferences a pointer. We have...
PYSEC-2021-561
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for tf.raw_ops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation uses ValidateInputs to check that the input arguments are vali...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation i...
PYSEC-2021-565
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.raw_ops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource an...
Null pointer dereference
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...
Null pointer dereference
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode. The implementation reads the first dimension of the input_splits tensor before validating that th...
PYSEC-2021-584
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.Map and tf.raw_ops.OrderedMap operations. The implementation has a check in place to ensure that indices is in...
Null pointer dereference
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a null pointer but GetTensorData assumes that the argument is always a valid tensor...
Null pointer dereference
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...
PYSEC-2021-580
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode. The implementation reads the first dimension of the input_splits tensor before validating that th...
CVE-2021-37681
CVE-2021-37681 affects TensorFlow (SVDF in TFLite); root cause is a potential null dereference where GetVariableInput can return nullptr and GetTensorData assumes a valid tensor. A fix was committed (5b048e87e4e55990dae6b547add4dae59f4e1c76) and will be included in TensorFlow 2.6.0, with cherry-p...
CVE-2021-37689
CVE-2021-37689: In TensorFlow’s TFLite MLIR optimizations, the L2NormalizeReduceAxis path dereferences a vector iterator without checking for elements, enabling a local attack to crash the process (DoS) via a crafted TFLite model. A patch was applied in the referenced GitHub commit (d6b57f461b39...
CVE-2021-37688 Null pointer dereference in TensorFlow Lite
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The implementation unconditionally dereferences a pointer. We have...
CVE-2021-37686
CVE-2021-37686 – TensorFlow TFLite infinite loop in strided_slice. The issue is in the TFLite strided_slice implementation where the new ellipsis in axis definitions can cause ellipsis_end_idx to be smaller than i. This prevents the inner loop from advancing i, and a continued loop skips the out...
CVE-2021-37680 Division by zero in TFLite in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f. The fix will be includ...
CVE-2021-37680
CVE-2021-37680 affects TensorFlow/TFLite, where the division-by-zero vulnerability resides in the implementation of fully connected layers in TFLite. The issue is triggered by a crafted input causing batch_size calculation (input_size / filter->dims->data[1]) to divide by zero. A patch is p...
CVE-2021-37675
CVE-2021-37675: TensorFlow denial-of-service caused by a division-by-zero in the shape inference path of most convolution operators. Root cause: missing validations before divisions/modulo in the common_shape_fns.cc implementation. Patch is in commit 8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4 and ...
CVE-2021-37676
TensorFlow CVE-2021-37676 involves a vulnerability in SparseFillEmptyRows where the shape-inference code can bind a null pointer, causing undefined behavior. The issue has been patched in a GitHub commit and the fix is scheduled for TensorFlow 2.6.0, with cherry-picks to 2.5.1, 2.4.3, and 2.3.4 (...
CVE-2021-37676 Reference binding to nullptr in shape inference in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...