BIT-TENSORFLOW-2021-29565 Null pointer dereference in `SparseFillEmptyRows`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

BIT-TENSORFLOW-2021-29567 Lack of validation in `SparseDenseCwiseMul`

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.SparseDenseCwiseMul, an attacker can trigger denial of service via CHECK-fails or accesses to outside the bounds of heap allocated data. Since the...

BIT-TENSORFLOW-2021-29577 Heap buffer overflow in `AvgPool3DGrad`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...

BIT-TENSORFLOW-2021-29580 Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...

BIT-TENSORFLOW-2021-29592 Null pointer dereference in TFLite's `Reshape` operator

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

BIT-TENSORFLOW-2021-37641 Heap OOB in `RaggedGather` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first...

BIT-TENSORFLOW-2021-37647 Null pointer dereference in `SparseTensorSliceDataset` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.rawops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails...

BIT-TENSORFLOW-2021-37666 Reference binding to nullptr in `RaggedTensorToVariant` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...

BIT-TENSORFLOW-2021-37667 Reference binding to nullptr in unicode encoding in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...

BIT-TENSORFLOW-2021-41204 Segfault while copying constant resource tensor

TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in...

BIT-TENSORFLOW-2021-41206 Incomplete validation of shapes in multiple TF ops

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

BIT-TENSORFLOW-2021-41209 FPE in convolutions with zero size filters

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

BIT-TENSORFLOW-2021-41219 Undefined behavior via `nullptr` reference binding in sparse matrix multiplication

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

BIT-TENSORFLOW-2022-23588 `CHECK`-fails due to attempting to build a reference tensor in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

BIT-TENSORFLOW-2022-35985 `CHECK` fail in `LRNGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. If LRNGrad is given an outputimage input tensor that is not 4-D, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The...

Path Traversal

onnx is vulnerable to Path Traversal. The vulnerability is due to a flaw in the handling of the externaldata field of the tensor proto, allowing paths to files outside the model's current directory or user-provided directory...

SUSE CVE-2022-25882

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...

SUSE CVE-2024-27318

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.

...

llama.cpp GGUF library info->ne heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1914 llama.cpp GGUF library info-ne heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-21802 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library info-ne functionality of llama.cpp Commit 18c2e17. A special...