24 matches found
SUSE CVE-2021-29532
TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...
SUSE CVE-2021-41212
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
SUSE CVE-2021-41214
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
GHSA-FR77-RRX3-CP7G Heap OOB read in `tf.ragged.cross`
Impact The shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array: python import tensorflow as tf @tf.function def test: y = tf.rawops.RaggedCrossraggedvalues=, raggedrowsplits=, sparseindices=5, sparsevalues=, sparseshape=5, denseinputs='a',...
GHSA-VWHQ-49R4-GJ9V Reference binding to `nullptr` in `tf.ragged.cross`
Impact The shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. In the following scenario, this results in a crash: python import tensorflow as tf @tf.function def test: y = tf.ragged.crosstf.ragged.constant'1','2' return y test Patches We have...
PYSEC-2021-621
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
PYSEC-2021-821
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
PYSEC-2021-406
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
PYSEC-2021-623
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
PYSEC-2021-821
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
PYSEC-2021-404
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
PYSEC-2021-819
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
PYSEC-2021-404
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
PYSEC-2021-819
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
CVE-2021-41214
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
CVE-2021-41212
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
PT-2021-23185 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The shape inference code for tf.ragged.cross can trigger a read outside of bound...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow, which stems from undefined behavior of the shape inference code of "tf.ragged.cross" due to a bound reference to "nullptr" in the...
PT-2021-23187 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.0 through 2.6.0 will be fixed in 2.6.1 TensorFlow versions 2.5.0 through 2.5.1 will be fixed in 2.5.2 TensorFlow versions 2.4.0 through 2.4.3 will be fixed in 2.4.4 Description: The...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is an end-to-end open source machine learning platform. An out-of-bounds read vulnerability exists in the shape inference code of tf.ragged.cross in versions prior to TensorFlow 2.7.0 for heap allocation arrays. No details of the vulnerability are currently available...