3084 matches found
CVE-2021-29544
TensorFlow vulnerability CVE-2021-29544 (QuantizeAndDequantizeV4Grad) is triggered by a rank-validation CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad, caused by inputs not being validated before passing to QuantizeAndDequantizePerChannelGradientImpl. The issue leads to denial of service vi...
CVE-2021-29545
CVE-2021-29545 concerns TensorFlow and describes a heap-based out-of-bounds issue in SparseTensorToCSRSparseMatrix caused by a double redirection when accessing csr_row_ptr via indices(i, 0) + 1. This can lead to a denial of service by writing outside heap data. The connected OSV/GHSA entries con...
CVE-2021-29546
CVE-2021-29546 concerns TensorFlow’s QuantizedBiasAdd. The issue arises from the Eigen kernel implementation in quantization_utils.h, which divides by the number of elements of the smaller input without guarding against zero, causing integer division by zero undefined behavior. Public details in ...
CVE-2021-29546 Division by 0 in `QuantizedBiasAdd`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.raw_ops.QuantizedBiasAdd. This is because the implementation of the Eigen...
CVE-2021-29547
CVE-2021-29547 affects TensorFlow QuantizedBatchNormWithGlobalNormalization. The issue is a heap/out-of-bounds vulnerability caused by inputs being allowed to be empty; when any input is empty, flat()(0) accesses data outside of bounds, enabling a segfault/denial of service. Patches were applied ...
CVE-2021-29548
TensorFlow vulnerability CVE-2021-29548 concerns the QuantizedBatchNormWithGlobalNormalization path. The issue is a runtime division-by-zero that can cause a denial of service due to insufficient validation of the op contract in the quantized batch-norm kernel. A fix is planned and will be includ...
CVE-2021-29548 Division by 0 in `QuantizedBatchNormWithGlobalNormalization`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the...
CVE-2021-29549
CVE-2021-29549 (TensorFlow) is a division-by-zero vulnerability in tf.raw_ops.QuantizedAdd/QuantizedBatchNormWithGlobalNormalization that can trigger a runtime error and denial of service. The root cause is a modulo operation applied with vector_num_elements that can be zero because it is derived...
CVE-2021-29549 Division by 0 in `QuantizedAdd`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the...
CVE-2021-29550
TensorFlow CVE-2021-29550 concerns a runtime division-by-zero in tf.raw_ops.FractionalAvgPool within the FractionalAvgPool implementation. The root cause is that the operator computes output_size by floor-dividing input_size[i] by pooling_ratio[i], where both values are user-controlled; if input_...
CVE-2021-29551
TensorFlow CVE-2021-29551 relates to MatrixTriangularSolve: the kernel failed to terminate when input validation fails, enabling a potential heap OOB read with crafted tensors. The issue is tied to OP_REQUIRES paths not aborting before using inputs, leading to invalid data usage in bcast construc...
CVE-2021-29553
TensorFlow vulnerability CVE-2021-29553 involves a heap-based out-of-bounds read in tf.raw_ops.QuantizeAndDequantizeV3 caused by not validating the user-supplied axis before indexing the input. Affected TensorFlow versions are in the 2.x range, with a fix planned for TensorFlow 2.5.0 and cherry-p...
CVE-2021-29554
CVE-2021-29554 affects TensorFlow: DenseCountSparseOutput can cause a denial of service via a division-by-zero runtime error. Root cause is computing a divisor from user data without validating zero, yielding num_batch_elements = 0 and a divide operation. Affected TF releases are mitigated by a f...
CVE-2021-29512
TensorFlow RaggedBincount vulnerability (CVE-2021-29512) involves a heap-based buffer overflow when the splits argument does not specify a valid SparseTensor. Affected path shows reads beyond splits bounds inside RaggedBincount. The issue is triggered by user-controlled splits containing a single...
CyberBattleSim - An Experimentation And Research Platform To Investigate The Interaction Of Automated Agents In An Abstract Simulated Network Environments
CyberBattleSim is an experimentation research platform to investigate the interaction of automated agents operating in a simulated abstract enterprise network environment. The simulation provides a high-level abstraction of computer networks and cyber security concepts. Its Python-based Open AI G...
How chat platforms are using Machine Learning for content moderation?
By Uzair Amir. More and more online services are using Machine Learning (ML), the method of data analysis that will automate the building of analytical mode. This is a post from HackRead.com. Read the original post: How chat platforms are using Machine Learning for content moderation?...
Security Bulletin: GO is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D
Summary: Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package on IBM Watson Machine Learning on CP4D. Vulnerability Details: CVEID: CVE-2020-9283. DESCRIPTION: Golang golang.org/x/crypto is vulnerable ...
Security Bulletin: Go is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D
Summary: Golang Go is vulnerable to a denial of service and bypass security restrictions on IBM Watson Machine Learning on CP4D. Vulnerability Details: CVEID: CVE-2020-15586. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By sending...
Security Bulletin: GO is susceptible for denial of service on IBM Watson Machine Learning on CP4D
Summary: GO is susceptible for denial of service on IBM Watson Machine Learning on CP4D. Vulnerability Details: CVEID: CVE-2020-16845. DESCRIPTION: Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a...
Security Bulletin: Go can panic upon an attempt to process network traffic on IBM Watson Machine Learning on CP4D
Summary: Go is vulnerable to a denial of service and can panic upon an attempt to process network traffic on IBM Watson Machine Learning on CP4D. Vulnerability Details: CVEID: CVE-2019-17596. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when verifying invalid DSA publ...