Lucene search
K

22 matches found

OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-969 TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad`

Impact The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. python import tensorflow as tf overlapping = True originputtensorshape =...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
Snyk
Snyk
added 2023/03/26 7:46 a.m.1 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a floating point exception if the stride and window size are not positive for tf.rawops.AvgPoolGrad. PoC import tensorflow as tf import numpy as np @tf.functionjitcompile=True def test: y =...

7.5CVSS7AI score0.00391EPSS
Exploits0References2
OSV
OSV
added 2023/03/25 12:15 a.m.7 views

AZL-35309 CVE-2023-25664 affecting package tensorflow for versions less than 2.11.1-1

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1...

9.8CVSS7AI score0.00415EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.2 views

SUSE CVE-2021-29573

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...

5.5CVSS5.5AI score0.00189EPSS
Exploits1References3
OSV
OSV
added 2022/11/21 9:54 p.m.3 views

GHSA-F2W8-JW48-FR7J `FractionalMaxPoolGrad` Heap out of bounds read

Impact If FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence, TensorFlow will crash. python import tensorflow as tf tf.rawops.FractionMaxPoolGrad originput = 1, 1, 1, 1, 1, origoutput = 1, 1, 1, outbackprop = 3, 3, 6, rowpoolingsequence = -0x4000000, 1, 1,...

4.8CVSS7AI score0.0044EPSS
Exploits1References5
OSV
OSV
added 2022/09/16 10:13 p.m.16 views

GHSA-84JM-4CF3-9JFM TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad`

Impact The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. python import tensorflow as tf overlapping = True originputtensorshape =...

5.9CVSS5.8AI score0.00396EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/09/16 8:40 p.m.5 views

CVE-2022-35968

TensorFlow is an open source platform for machine learning. The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS6.8AI score0.00396EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/09/16 8:10 p.m.4 views

CVE-2022-35963

TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...

7.5CVSS7AI score0.00396EPSS
Exploits0
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.25 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from FractionalMaxPoolGrad validating its inputs by asserting a failure instead of returning an error. T...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.10 views

PT-2022-23079

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description The issue is related to the FractionalMaxPoolGrad function, which validates its...

7.5CVSS7.1AI score0.00396EPSS
Exploits0References13
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.5 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from an implementation of FractionalAvgPoolGrad that does not fully validate the input...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/02/03 10:48 a.m.2 views

CVE-2022-21730

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

8.1CVSS6.9AI score0.00815EPSS
Exploits1
PyPA
PyPA
added 2021/08/12 9:15 p.m.5 views

PYSEC-2021-273

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...

7.8CVSS7.4AI score0.00174EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2021/08/12 9:0 p.m.5 views

CVE-2021-37651

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...

7.8CVSS7.4AI score0.00174EPSS
Exploits0
OSV
OSV
added 2021/05/21 2:26 p.m.5 views

GHSA-X8H6-XGQX-JQGP Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`

Impact The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty: python import tensorflow as tf originput = tf.constant2, 3, shape=1, 1, 1, 2, dtype=tf.int64 origoutput = tf.constant, dtype=tf.int64 outbackprop = tf.zeros2, 3, 6, 6,...

2.5CVSS6AI score0.00189EPSS
Exploits1References7
OSV
OSV
added 2021/05/21 2:26 p.m.2 views

GHSA-V6R6-84GR-92RM Heap buffer overflow in `AvgPool3DGrad`

Impact The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputshape = tf.constant10, 6, 3, 7, 7, shape=5, dtype=tf.int32 grad = tf.constant0.01, 0, 0, shape=3, 1, 1, 1, 1, dtype=tf.float32 ksize = 1, 1, 1, 1, 1 strides = 1, 1...

2.5CVSS7.1AI score0.00211EPSS
Exploits1References7
PyPA
PyPA
added 2021/05/14 8:15 p.m.8 views

PYSEC-2021-704

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-706

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-699

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...

5.5CVSS6.1AI score0.00189EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/05/14 7:16 p.m.3 views

CVE-2021-29569

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.1CVSS7AI score0.00198EPSS
Exploits1
Rows per page
Query Builder