3 matches found
GHSA-WR9V-G9VF-C74V TensorFlow vulnerable to segfault in `RaggedBincount`
Impact If RaggedBincount is given an empty input tensor splits, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf binaryoutput = True splits = tf.random.uniformshape=0, minval=-10000, maxval=10000, dtype=tf.int64, seed=-7430 values =...
Google TensorFlow RaggedBinCount Denial of Service Vulnerability (CNVD-2021-37606)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow RaggedBinCount, which is caused by a heap out-of-bounds write to "RaggedBinCount". An attacker could exploit this vulnerability to cause a...
PYSEC-2021-151
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...