Google Tensorflow has an unspecified vulnerability (CNVD-2022-09893)

Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow has a security vulnerability that can be exploited to cause a denial of service by modifying SavedModel so that TensorByteSize triggers a CHECK failure...

Unspecified Vulnerability in Google Tensorflow (CNVD-2022-09861)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a security vulnerability that can be exploited by an attacker to cause a denial of service by modifying SavedModel...

Unspecified Vulnerability in Google Tensorflow (CNVD-2022-09859)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a security vulnerability that can be exploited by an attacker to cause a denial of service by changing the SavedModel so that it can be asserted in a function...

Google Tensorflow has an unspecified vulnerability (CNVD-2022-09902)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that could be exploited to trigger a denial of service by changing the SavedModel on disk...

Google Tensorflow Buffer Overflow Vulnerability (CNVD-2022-09865)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that can be exploited by an attacker to change the format of the SavedModel on disk to invalidate these assumptions, and then...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. An attacker can send a malicious input which alters a SavedModel such that SafeToRemoveIdentity, triggering CHECK failures...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. The vulnerability exists due to a infinite recursive functions when loading a SavedModel...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. An attacker may exploit the vulnerability by maliciously altering a SavedModel file causing a Null pointer dereference...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. An attacker may crash the system by altering a SavedModel such that any binary op would trigger CHECK failures...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. An attacker may exploit the vulnerability by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. An attacker may exploit the vulnerability by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. An attacker is able to crash the system by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. An attacker can crash the application through the GraphDef in tensorflow SavedModel by providing an invalid argument to ctortype...

GHSA-FQ86-3F29-PX2C `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow

Impact The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. Patches We have patched the issue in GitHub commits ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1,...

`CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow

Impact The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. Patches We have patched the issue in GitHub commits ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1,...

CVE-2022-23589

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...

CVE-2022-23588

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

CVE-2022-23590

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

CVE-2022-23581

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

CVE-2022-23565

Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...