3086 matches found
CVE-2021-37671
TensorFlow CVE-2021-37671 describes a local-issue in tf.raw_ops.Map* and tf.raw_ops.OrderedMap* where binding a reference to a null pointer can occur if indices is empty, due to a missing check despite a ascending-order validation. The publicly documented fix was committed (532f5c5a…) and will be...
CVE-2021-37671 Reference binding to nullptr in map operations in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations. The implementation has a check in place to ensure that indices is in...
CVE-2021-37666
CVE-2021-37666 is a TensorFlow vulnerability in RaggedTensorToVariant where binding a reference to a null pointer occurs due to incomplete validation of splits values. The issue is addressed by the GitHub patch be7a4de6adfbd303ce08be4332554dff70362612, with the fix scheduled for TensorFlow 2.6.0 ...
CVE-2021-37666 Reference binding to nullptr in `RaggedTensorToVariant` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...
CVE-2021-37667
TensorFlow: CVE-2021-37667 involves a NULL pointer dereference in UnicodeEncode where the code reads input_splits[0] before validating emptiness. A patch is in commit 2e0ee46f..., fixes to be included in TensorFlow 2.6.0 and backported to 2.5.1, 2.4.3, and 2.3.4. Affected: tf.raw_ops.UnicodeEncod...
CVE-2021-37648
TensorFlow SaveV2 input validation flaw (tf.raw_ops.SaveV2) allows a local attacker to trigger a NULL pointer dereference due to improper input validation in ValidateInputs. The issue was fixed in TensorFlow 2.6.0 (commit 9728c60e...); backports were planned for 2.5.1, 2.4.3, and 2.3.4. Affected ...
CVE-2021-37648 Incorrect validation of `SaveV2` inputs in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for tf.rawops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation uses ValidateInputs to check that the input arguments are vali...
CVE-2021-37652
TensorFlow Bug: BoostedTreesCreateEnsemble uses a reference-counted resource that was refactored to a smart pointer; when initialization fails, a later scope exit frees the resource even if its refcount is 0, causing a use-after-free. A patch (commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab) fixe...
CVE-2021-37652 Use after free in boosted trees creation in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource an...
CVE-2021-37664
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that...
CVE-2021-37654
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.rawops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build. Th...
CVE-2021-37655
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...
CVE-2021-37662
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...
CVE-2021-37651
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...
CVE-2021-37650
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...
CVE-2021-37651
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...
CVE-2021-37656
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToSparse. The implementation has an incomplete validation of the splits values: it does not check...
CVE-2021-37659
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting e.g., gradients of binary cwise operations. The implementatio...
CVE-2021-37662
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...
CVE-2021-37641
TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first...