51 matches found
GHSA-XVWP-H6JV-7472 FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess
Impact An input poolingratio that is smaller than 1 will trigger a heap OOB in tf.rawops.FractionalMaxPool and tf.rawops.FractionalAvgPool. Patches We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cher...
GHSA-F2W8-JW48-FR7J `FractionalMaxPoolGrad` Heap out of bounds read
Impact If FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence, TensorFlow will crash. python import tensorflow as tf tf.rawops.FractionMaxPoolGrad originput = 1, 1, 1, 1, 1, origoutput = 1, 1, 1, outbackprop = 3, 3, 6, rowpoolingsequence = -0x4000000, 1, 1,...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in FractionalMaxAVGPool with illegal poolingratio. Attackers can access heap memory that is not in the user's control, leading to a crash or remote code execution. Remediation Upgrade tensorflow-lite to version 2.12....
CVE-2022-41897
TensorFlow is an open source platform for machine learning. If FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that causes FractionalMaxAVG Pool to have an illegal poolingratio. attackers using Tensorflow can exploit this vulnerability. They can access heap...
GHSA-VXV8-R8Q2-63XW TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad`
Impact FractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack: python import tensorflow as tf overlapping = True originput = tf.constant.453409232,...
PT-2022-23079 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue is related to the FractionalMaxPoolGrad function, which validates its...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from FractionalMaxPoolGrad validating its inputs by asserting a failure instead of returning an error. T...
GHSA-87V6-CRGM-2GFJ Division by zero in Tensorflow
Impact The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0: python import tensorflow as tf import numpy as np tf.rawops.FractionalMaxPool value=tf.constantvalue=1, 4, 2, 3, dtype=tf.int64, poolingratio=1.0, 1.44, 1.73, 1.0, pseudorandom=False,...
GHSA-3MW4-6RJ6-74G5 Null pointer dereference in TensorFlow
Impact The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. python import tensorflow as tf tf.rawops.QuantizedMaxPool input = tf.constant4, dtype=tf.quint8, mininput = , maxinput = 1, ksize = 1, 1, 1, 1,...
CVE-2022-21739
Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...
CVE-2022-21735
Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow...
Google TensorFlow 代码问题漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow is vulnerable to a code issue that stems from an undefined behavior in the QuantizedMaxPool implementation, where user-controlled input can trigger a reference binding to a null...
PT-2022-15075 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected Description: The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. This issue can be exploited b...
GHSA-M539-J985-HCR8 Crash in `max_pool3d` when size argument is 0 or negative
Impact The Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative: python import tensorflow as tf poolsize = 2, 2, 0 layer = tf.keras.layers.MaxPooling3Dstrides=1, poolsize=poolsize inputtensor = tf.random.uniform3, 4, 10, 11, 12, dtype=tf.float32 r...
GHSA-7GHQ-FVR3-PJ2X Incomplete validation in `MaxPoolGrad`
Impact An attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation: python import tensorflow as tf tf.rawops.MaxPoolGrad originput = tf.constant, shape=3, 0, 0, 2, dtype=tf.float32, origoutput = tf.constant, shape=3, 0, 0, 2,...
CVE-2021-37674
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the originput and origoutput tensor...
GHSA-X8H6-XGQX-JQGP Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`
Impact The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty: python import tensorflow as tf originput = tf.constant2, 3, shape=1, 1, 1, 2, dtype=tf.int64 origoutput = tf.constant, dtype=tf.int64 outbackprop = tf.zeros2, 3, 6, 6,...
PYSEC-2021-206
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...
PYSEC-2021-217
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...