GHSA-2R8P-FG3C-WCJ4 Heap OOB and CHECK fail in `ResourceGather`

Impact An attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.rawops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build: python import tensorflow as tf tensor =...

GHSA-4XFP-4PFP-89WG Reference binding to nullptr in `RaggedTensorToSparse`

Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToSparse: python import tensorflow as tf tf.rawops.RaggedTensorToSparse rtnestedsplits=0, 38, 0, rtdensevalues= The implementation has an incomplete validation of the splits values: it...

GHSA-5XWC-MRHX-5G3M Reference binding to nullptr in `MatrixDiagV*` ops

Impact An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV: python import tensorflow as tf tf.rawops.MatrixDiagV3 diagonal=1,0, k=, numrows=1,2,3, numcols=4,5, paddingvalue=, align='RIGHTRIGHT' The implementation has...

GHSA-W4XF-2PQW-5MQ7 Reference binding to nullptr in `RaggedTensorToVariant`

Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant: python import tensorflow as tf tf.rawops.RaggedTensorToVariant rtnestedsplits=, rtdensevalues=1,2,3, batchedinput=True The implementation has an incomplete validation of the...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2021-37669 via tensorflow-gpu (>=1.10.1 <=2.3.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-37669 Source advisory: OSV:GHSA-VMJW-C2VP-P33C...

Heap OOB in nested `tf.map_fn` with `RaggedTensor`s

Impact It is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap: python import...

GHSA-G8WG-CJWC-XHHP Heap OOB in nested `tf.map_fn` with `RaggedTensor`s

Impact It is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap: python import...

CVE-2021-37679

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

PYSEC-2021-803

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

PYSEC-2021-790

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

PYSEC-2021-301

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

PYSEC-2021-592

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

PYSEC-2021-796

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expanddims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value e.g., -100000, then after the first if it would...

CVE-2021-37692

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

CVE-2021-37692 Segfault on strings tensors with mistmatched dimensions in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

CVE-2021-37679 Heap OOB in nested `tf.map_fn` with `RaggedTensor`s in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

CVE-2021-37679

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

PYSEC-2021-274

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource an...

PYSEC-2021-792

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a null pointer but GetTensorData assumes that the argument is always a valid tensor...

CVE-2021-37666

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...