Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-36339)

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in the convolutional code in Google TensorFlow. No details of the vulnerability are provided at this time...

Google TensorFlow Stack Overflow Vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. A stack overflow vulnerability exists in ParseAttrValue in Google TensorFlow. An attacker can exploit the vulnerability to cause a stack overflow...

Google TensorFlow null pointer dereference vulnerability (CNVD-2021-36337)

Google TensorFlow is an end-to-end open source machine learning platform. A null pointer dereference vulnerability exists in the Reshape operator in Google TensorFlow. No details of the vulnerability are provided at this time...

Google TensorFlow divide-by-zero error vulnerability (CNVD-2021-36343)

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in SVDF in Google TensorFlow. No details of the vulnerability are provided at this time...

Google TensorFlow Denial of Service Vulnerability (CNVD-2021-36332)

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in pooling in Google TensorFlow. No details of the vulnerability are provided at this time...

Google TensorFlow Heap Overflow Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a security vulnerability that can be exploited by an attacker to trigger a heap buffer overflow in tf.rawops.BandedTriangularSolve...

Google TensorFlow heap out-of-bounds read vulnerability (CNVD-2021-36336)

Google TensorFlow is an end-to-end open source machine learning platform. A heap out-of-bounds read vulnerability exists in the Minimum and Maximum operators in Google TensorFlow. No detailed vulnerability details are currently available...

CVE-2021-29615

TensorFlow is an end-to-end open source platform for machine learning. The implementation of ParseAttrValuehttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attrvalueutil.ccL397-L453 can be tricked into stack overflow due to recursion...

CVE-2021-29618

TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFl...

CVE-2021-29617

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,...

CVE-2021-29619

TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow...

CVE-2021-29619

TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow...

CVE-2021-29614

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. The implementation of the padded...

CVE-2021-29616

TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplifyhttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmeticoptimizer.ccL390-L401 has undefined behavior due to...

CVE-2021-29613

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...

CVE-2021-29593

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero...

CVE-2021-29598

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.ccL99-L102. An attacke...

CVE-2021-29602

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...

CVE-2021-29608

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...

CVE-2021-29596

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...