3084 matches found
CVE-2021-29516
TensorFlow CVE-2021-29516 describes a null pointer dereference in tf.raw_ops.RaggedTensorToVariant when provided with an invalid ragged tensor. The issue arises because batched_ragged.splits(0) is dereferenced without validating non-emptiness. Affected: TensorFlow and related entries indicate the...
CVE-2021-29516 Null pointer dereference via invalid Ragged Tensors
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...
CVE-2021-29517
CVE-2021-29517 affects TensorFlow Conv3D: division-by-zero in the Conv3D kernel caused by a modulo on user input (fifth filter dimension), potentially triggering an Eigen assertion and a crash. The issue is addressed by a TensorFlow fix in 2.5.0, with cherry-picks to 2.4.2, 2.3.3, 2.2.3 and 2.1.4...
CVE-2021-29518
CVE-2021-29518 describes a vulnerability in TensorFlow where, in eager mode, session operations can dereference a null session_state pointer, leading to undefined behavior. Concrete details from connected documents show the root cause in tensor flow core/kernels/session_ops.cc, where ctx->sess...
CVE-2021-29520
TensorFlow CVE-2021-29520 concerns a heap buffer overflow in Conv3DBackprop* due to missing validation that assumes input, filter_sizes, and out_backprop have identical shapes. Multiple sources (OSV entries and GHSA advisory) corroborate the issue and patch lineage. The vulnerability affects Conv...
CVE-2021-29521
TensorFlow CVE-2021-29521: A bug in tf.raw_ops.SparseCountSparseOutput triggers a segmentation fault when dense_shape contains negative values. Root cause is the implementation assuming the first element of dense_shape is positive to initialize BatchedMap; with multi-element shapes, num_batches d...
CVE-2021-29523
CVE-2021-29523 : TensorFlow vulnerability where a crafted input for AddManySparseToTensorsMap can trigger a denial-of-service via a CHECK failure in TensorShapeInitDims when sparse_shape values overflow. Root cause: legacy TensorShapeBase constructor multiplies dimensions with potential overflow,...
CVE-2021-29524 Division by 0 in `Conv2DBackpropFilter`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropFilter. This is because the...
CVE-2021-29524
TensorFlow (Conv2DBackpropFilter) suffers a division-by-zero vulnerability caused by a modulus operation in conv_grad_shape_utils.cc where the divisor is supplied by the caller. The concrete issue has been tracked as CVE-2021-29524 and is documented across multiple sources (OSV and Ghsa advisorie...
CVE-2021-29585 Division by zero in padding computation in TFLite
TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSizehttps://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.hL43-L55, does not check that the...
CVE-2021-29585
TensorFlow/TFLite padding compute path has a division-by-zero in ComputeOutSize when stride is 0, enabling a potential denial-of-service scenario via crafted models. The issue affects padding logic in TF Lite; patches were applied in commit 49847ae and a fix is planned for TensorFlow 2.5.0 with c...
CVE-2021-29586
CVE-2021-29586 affects TensorFlow (TFLite pooling) where optimized pooling implementations fail to validate stride values, allowing params->stride_height/width to be zero and cause a division by zero in ComputePaddingHeightWidth. Practically, this is a vulnerability in the pooling path of Tens...
CVE-2021-29586 Division by zero in optimized pooling implementations in TFLite
TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling...
CVE-2021-29615
CVE-2021-29615 affects TensorFlow and involves a stack overflow in the ParseAttrValue implementation caused by recursive parsing of nested attributes. Connected sources (OSV/GHSA/CNVD/NVD entries) consistently describe this as a vulnerability in TensorFlow’s attribute parsing path, with the fix s...
CVE-2021-29616
CVE-2021-29616 affects TensorFlow: the TrySimplify path in Grappler dereferences a null pointer in corner cases (optimizing a node with no inputs). This is a null-dereference vulnerability in the TensorFlow optimization code, not a user-facing attack surface description. The issue has been fixed ...
CVE-2021-29618
TensorFlow vulnerability CVE-2021-29618: a crash can occur when calling tf.transpose with conjugate=True and a complex input. Affected TF releases include 2.1.x–2.4.x in the supported range; the fix is planned for TensorFlow 2.5.0 with cherry-picks to 2.4.2, 2.3.3, 2.2.3, and 2.1.4. Concrete tech...
CVE-2021-29619
CVE-2021-29619 affects TensorFlow via tf.raw_ops.SparseCountSparseOutput, where passing invalid arguments (including fuzzing-derived inputs) can cause a segfault. Connected sources confirm this is a TensorFlow in-tree issue with a fix planned for TensorFlow 2.5.0 and cherry-picks in supported 2.x...
CVE-2021-29587
TensorFlow/TFLite SpaceToDepth has a division-by-zero flaw in the Prepare step when block_size can be zero. This is triggered by crafted inputs/models and can lead to instability/DoS. The issue is mitigated by a patch in TensorFlow 2.5.0 (and cherry-picks to 2.4.2, 2.3.3, 2.2.3, 2.1.4). Remediati...
CVE-2021-29587 Division by zero in TFLite's implementation of `SpaceToDepth`
TensorFlow is an end-to-end open source platform for machine learning. The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before divisionhttps://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/spacetodepth.ccL63-L67. An...
CVE-2021-29588
TensorFlow/TFLite issue: the TransposeConv operator in the TFLite backend is vulnerable to a division-by-zero when stride_h/stride_w can be 0, enabling a crafted model to trigger a fault. Root cause follows from the division calculations in optimized_ops.h, requiring callers to validate stride ar...