3084 matches found
CVE-2021-29577
CVE-2021-29577 describes a heap-buffer-overflow in TensorFlow’s tf.raw_ops.AvgPool3DGrad caused by an assumption that orig_input_shape and grad have similar first/last dimensions without proper validation. Public sources (NVD, OSV, GHSA) confirm the issue and its impact as a memory corruption vul...
CVE-2021-29578
CVE-2021-29578 : TensorFlow’s tf.raw_ops.FractionalAvgPoolGrad is vulnerable to a heap-based buffer overflow caused by a missing validation of pooling sequence arguments against the out_backprop tensor shape. Multiple connected sources corroborate the issue and provide the same root cause. The mi...
CVE-2021-29578 Heap buffer overflow in `FractionalAvgPoolGrad`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...
CVE-2021-29579
TensorFlow CVE-2021-29579 concerns a heap-based buffer overflow in tf.raw_ops.MaxPoolGrad caused by missing validation when indexing out_backprop_flat. The cited patch (commit a74768f8e4efbda4def9f16ee7e13cf3922ac5f7) fixes boundary checks and was planned to be included in TensorFlow 2.6.0, with ...
CVE-2021-29580
The CVE covers TensorFlow tf.raw_ops.FractionalMaxPoolGrad with undefined behavior when an input tensor is empty and a_CHECK failure that can abort the process, per multiple sources in the Initial document. The issue arises from input/output validation (empty tensors and rank checks) in fractiona...
CVE-2021-29581
CVE-2021-29581 describes a denial-of-service vulnerability in TensorFlow’s tf.raw_ops.CTCBeamSearchDecoder, where lack of input validation on empty tensors allows a local attacker to trigger a segfault by reading from a null buffer. The issue affects TensorFlow versions in scope (2.x) and is addr...
CVE-2021-29582
TensorFlow CVE-2021-29582 describes a heap-out-of-bounds read in tf.raw_ops.Dequantize caused by a shape mismatch between min_range and max_range tensors. The vulnerability allows a local attacker to trigger reads outside heap data. The remediation is a patch, with fixes targeted for TensorFlow 2...
CVE-2021-29583
TensorFlow CVE-2021-29583 / GHSA-9XH4-23Q4-V6WR describe a heap buffer overflow and undefined behavior in tf.raw_ops.FusedBatchNorm when inputs like scale, offset, mean, or variance have mismatched shapes or are empty. Root cause: missing validation that these tensors match the number of channels...
CVE-2021-29512
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...
PYSEC-2021-440
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...
CVE-2021-29525 Division by 0 in `Conv2DBackpropInput`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropInput. This is because the...
CVE-2021-29525
TensorFlow CVE-2021-29525: Division by zero in tf.raw_ops.Conv2DBackpropInput. Root cause is division by a caller-controlled quantity in conv_grad_input_ops.h. Patched in TensorFlow 2.5.0, with cherrypicks back to 2.4.2, 2.3.3, 2.2.3 and 2.1.4. Upgrading to 2.5.0 or applying the cherry-picked pat...
CVE-2021-29526 Division by 0 in `Conv2D`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2D. This is because the implementationhttps://github.com/tensorflow/tensorflow/blob/988087bd83f144af14087fe4fecee2d250d93737/tensorflow/core/kernels/convops.ccL261-L263...
CVE-2021-29526
Summary: CVE-2021-29526 affects TensorFlow’s Conv2D path, where the division by a caller-controlled quantity in tf.raw_ops.Conv2D can trigger a division by zero. This vulnerability is supported by multiple sources in connected documents (OSV entries and NVD/CVE references) that describe the under...
CVE-2021-29527 Division by 0 in `QuantizedConv2D`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedConv2D. This is because the...
CVE-2021-29527
CVE-2021-29527 is a TensorFlow division-by-zero vulnerability in tf.raw_ops.QuantizedConv2D caused by a caller-controlled quantity in quantized_conv_ops.cc (lines 257–259). The fix is expected in TensorFlow 2.5.0, with cherry-picks to 2.4.2, 2.3.3, 2.2.3 and 2.1.4; multiple related advisories (GH...
CVE-2021-29528 Division by 0 in `QuantizedMul`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedMul. This is because the...
CVE-2021-29528
CVE-2021-29528 is a TensorFlow vulnerability in the QuantizedMul path that can trigger a division by zero. The issue arises because the implementation divides by a quantity controlled by the caller, per the cited code path in quantized_mul_op.cc. Public details confirm affected TensorFlow release...
CVE-2021-29529
CVE-2021-29529 affects TensorFlow’s QuantizedResizeBilinear in tf.raw_ops.QuantizedResizeBilinear, where rounding of floating input can cause interpolation bounds to produce an out-of-bounds access, leading to a heap buffer overflow. The vulnerability arises because lower/upper interpolation boun...
CVE-2021-29529 Heap buffer overflow caused by rounding
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in tf.rawops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the...