Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by a buffer overflow in NumPy (CVE-2021-41496)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to to a denial of service in NumPy, caused by a buffer overflow in the arrayfrompyobj function of fortranobject.c. CVE-2021-41496. NumPy is used as part of our speech runtime component. Please read the details f...

Huawei EulerOS: Security Advisory for numpy (EulerOS-SA-2023-1072)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.6 : numpy (EulerOS-SA-2023-1072)

According to the versions of the numpy packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Buffer overflow in the arrayfrompyobj function of fortranobject.c in NumPy 1.19, which allows attackers to conduct a Denial of...

Ubuntu: Security Advisory (USN-5763-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (numpy) security update

An update for numpy is now available for Red Hat OpenStack Platform 16.1.9 Train for Red Hat Enterprise Linux RHEL 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

numpy: NULL pointer dereference in numpy.sort in in the PyArray_DescrNew() due to missing return-value validation

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArrayDescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error ca...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (numpy) security update

An update for numpy is now available for Red Hat OpenStack Platform 16.2.4 Train for Red Hat Enterprise Linux RHEL 8.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

numpy: NULL pointer dereference in numpy.sort in in the PyArray_DescrNew() due to missing return-value validation

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArrayDescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error ca...

USN-5763-1 numpy vulnerabilities

It was discovered that NumPy did not properly manage memory when specifying arrays of large dimensions. If a user were tricked into running malicious Python file, an attacker could cause a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-33430 It was discovered that NumPy di...

USN-5763-1: NumPy vulnerabilities

It was discovered that NumPy did not properly manage memory when specifying arrays of large dimensions. If a user were tricked into running malicious Python file, an attacker could cause a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-33430 It was discovered that NumPy di...

Ubuntu 20.04 LTS / 22.04 LTS : NumPy vulnerabilities (USN-5763-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5763-1 advisory. It was discovered that NumPy did not properly manage memory when specifying arrays of large dimensions. If a user were tricked into running...

Google TensorFlow has an unspecified vulnerability (CNVD-2022-81226)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which stems from an error that can be raised if a numpy array is created with the shape of one element being zero and the sum of the other elements...

GHSA-H246-CGH4-7475 `CHECK` fail in `BCast` overflow

Impact If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. python import tensorflow as tf value = tf.constantshape=2, 1024, 1024, 1024...

Seg fault in `ndarray_tensor_bridge` due to zero and large inputs

Impact If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error: python np.ones0, 231, 231 An example of a proof of concept: python import numpy as np import tensorflow as tf inputval =...

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when a numpy array is created with a shape such that one element is zero and the sum of others is a large number. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References -...

CVE-2022-41884

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be...

Stack overflow

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be...

CVE-2022-41884 Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be...

CVE-2022-41884

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be...

CVE-2022-41884

CVE-2022-41884 affects TensorFlow. A numpy array has a shape where one element is zero and the others sum to a large number, triggering an error. The issue has been fixed in commit 2b56169c16e375c521a3bc8ea658811cc0793784 and will be included in TensorFlow 2.11; the fix will also be cherry-picked...