Lucene search
K

51 matches found

OSV
OSV
added 2022/11/21 10:3 p.m.1 views

GHSA-XVWP-H6JV-7472 FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess

Impact An input poolingratio that is smaller than 1 will trigger a heap OOB in tf.rawops.FractionalMaxPool and tf.rawops.FractionalAvgPool. Patches We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cher...

7.1CVSS7.2AI score0.00579EPSS
Exploits1References4
OSV
OSV
added 2022/11/21 9:54 p.m.2 views

GHSA-F2W8-JW48-FR7J `FractionalMaxPoolGrad` Heap out of bounds read

Impact If FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence, TensorFlow will crash. python import tensorflow as tf tf.rawops.FractionMaxPoolGrad originput = 1, 1, 1, 1, 1, origoutput = 1, 1, 1, outbackprop = 3, 3, 6, rowpoolingsequence = -0x4000000, 1, 1,...

4.8CVSS7AI score0.0044EPSS
Exploits1References5
Snyk
Snyk
added 2022/11/20 9:8 a.m.2 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in FractionalMaxAVGPool with illegal poolingratio. Attackers can access heap memory that is not in the user's control, leading to a crash or remote code execution. Remediation Upgrade tensorflow-lite to version 2.12....

9.8CVSS7.7AI score0.00579EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2022/11/18 12:0 a.m.2 views

CVE-2022-41897

TensorFlow is an open source platform for machine learning. If FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow...

7.5CVSS7AI score0.0044EPSS
Exploits1
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.2 views

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that causes FractionalMaxAVG Pool to have an illegal poolingratio. attackers using Tensorflow can exploit this vulnerability. They can access heap...

9.8CVSS7.9AI score0.00579EPSS
Exploits1References3
OSV
OSV
added 2022/09/16 10:26 p.m.9 views

GHSA-VXV8-R8Q2-63XW TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad`

Impact FractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack: python import tensorflow as tf overlapping = True originput = tf.constant.453409232,...

5.9CVSS6.9AI score0.00396EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.10 views

PT-2022-23079 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue is related to the FractionalMaxPoolGrad function, which validates its...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.23 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from FractionalMaxPoolGrad validating its inputs by asserting a failure instead of returning an error. T...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References3
OSV
OSV
added 2022/02/10 12:21 a.m.2 views

GHSA-87V6-CRGM-2GFJ Division by zero in Tensorflow

Impact The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0: python import tensorflow as tf import numpy as np tf.rawops.FractionalMaxPool value=tf.constantvalue=1, 4, 2, 3, dtype=tf.int64, poolingratio=1.0, 1.44, 1.73, 1.0, pseudorandom=False,...

7.1CVSS5.8AI score0.00783EPSS
Exploits1References7
OSV
OSV
added 2022/02/09 11:46 p.m.1 views

GHSA-3MW4-6RJ6-74G5 Null pointer dereference in TensorFlow

Impact The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. python import tensorflow as tf tf.rawops.QuantizedMaxPool input = tf.constant4, dtype=tf.quint8, mininput = , maxinput = 1, ksize = 1, 1, 1, 1,...

7.1CVSS5.8AI score0.00783EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2022/02/03 1:13 p.m.4 views

CVE-2022-21739

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

6.5CVSS6.9AI score0.00783EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/02/03 12:53 p.m.3 views

CVE-2022-21735

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow...

6.5CVSS6.9AI score0.00783EPSS
Exploits1
CNNVD
CNNVD
added 2022/02/03 12:0 a.m.6 views

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow is vulnerable to a code issue that stems from an undefined behavior in the QuantizedMaxPool implementation, where user-controlled input can trigger a reference binding to a null...

6.5CVSS5.7AI score0.00783EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/02/03 12:0 a.m.7 views

PT-2022-15075 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected Description: The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. This issue can be exploited b...

7.1CVSS6.3AI score0.00783EPSS
Exploits1References13
OSV
OSV
added 2021/11/10 7:36 p.m.1 views

GHSA-M539-J985-HCR8 Crash in `max_pool3d` when size argument is 0 or negative

Impact The Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative: python import tensorflow as tf poolsize = 2, 2, 0 layer = tf.keras.layers.MaxPooling3Dstrides=1, poolsize=poolsize inputtensor = tf.random.uniform3, 4, 10, 11, 12, dtype=tf.float32 r...

6.8CVSS5.8AI score0.0023EPSS
Exploits1References8
OSV
OSV
added 2021/08/25 2:41 p.m.3 views

GHSA-7GHQ-FVR3-PJ2X Incomplete validation in `MaxPoolGrad`

Impact An attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation: python import tensorflow as tf tf.rawops.MaxPoolGrad originput = tf.constant, shape=3, 0, 0, 2, dtype=tf.float32, origoutput = tf.constant, shape=3, 0, 0, 2,...

6.8CVSS6.3AI score0.00179EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2021/08/12 10:40 p.m.3 views

CVE-2021-37674

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the originput and origoutput tensor...

5.5CVSS6.8AI score0.00179EPSS
Exploits0
OSV
OSV
added 2021/05/21 2:26 p.m.4 views

GHSA-X8H6-XGQX-JQGP Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`

Impact The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty: python import tensorflow as tf originput = tf.constant2, 3, shape=1, 1, 1, 2, dtype=tf.int64 origoutput = tf.constant, dtype=tf.int64 outbackprop = tf.zeros2, 3, 6, 6,...

2.5CVSS6AI score0.00189EPSS
Exploits1References7
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-206

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.1CVSS7AI score0.00198EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/05/14 8:15 p.m.2 views

PYSEC-2021-217

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...

5.5CVSS5.9AI score0.00189EPSS
Exploits1References2
Rows per page
Query Builder