67 matches found
CVE-2021-29516
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...
BIT-TENSORFLOW-2021-29516 Null pointer dereference via invalid Ragged Tensors
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...
BIT-TENSORFLOW-2021-37666 Reference binding to nullptr in `RaggedTensorToVariant` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...
SUSE CVE-2021-29516
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...
SUSE CVE-2021-29560
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.RaggedTensorToTensor. This is because the...
SUSE CVE-2021-29608
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...
SUSE CVE-2021-37638
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...
SUSE CVE-2021-37666
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...
GHSA-M6CV-4FMF-66XF TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant`
Impact If RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf batchedinput = True rtnestedsplits = tf.constant0,32,64, shape=3,...
PT-2022-23118
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description The issue arises when RaggedTensorToVariant is given a rt nested splits list...
Google TensorFlow Buffer Overflow Vulnerability (CNVD-2022-09855)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that stems from the inability of the ""tf.rawops.RaggedGather"" parameter in the software to determine a valid ragged tensor code,...
GHSA-9C8H-VVRJ-W2P8 Heap OOB in `RaggedGather`
Impact If the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. python import tensorflow as tf tf.rawops.RaggedGather paramsnestedsplits = 0,0,0, paramsdensevalues = 1,1, indices = 0,0,9,0,0,...
GHSA-4XFP-4PFP-89WG Reference binding to nullptr in `RaggedTensorToSparse`
Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToSparse: python import tensorflow as tf tf.rawops.RaggedTensorToSparse rtnestedsplits=0, 38, 0, rtdensevalues= The implementation has an incomplete validation of the splits values: it...
GHSA-W4XF-2PQW-5MQ7 Reference binding to nullptr in `RaggedTensorToVariant`
Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant: python import tensorflow as tf tf.rawops.RaggedTensorToVariant rtnestedsplits=, rtdensevalues=1,2,3, batchedinput=True The implementation has an incomplete validation of the...
GHSA-G8WG-CJWC-XHHP Heap OOB in nested `tf.map_fn` with `RaggedTensor`s
Impact It is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap: python import...
CVE-2021-37679
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...
PYSEC-2021-301
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...
PYSEC-2021-790
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...
PYSEC-2021-592
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...
CVE-2021-37679
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...