CVE-2020-15198 Heap buffer overflow in Tensorflow

In Tensorflow before version 2.3.1, the SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed...

CVE-2020-15198

CVE-2020-15198 affects TensorFlow up to 2.3.0: SparseCountSparseOutput may access heap buffers out of bounds due to missing validation that indices and values shapes match in a sparse tensor. This root cause enables a heap buffer overflow in pre-2.3.1 builds. A fix was committed (3cbb917b47147660...

CVE-2020-15190

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.rawops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...

GHSA-X9J7-X98R-R4W2 Segmentation fault in tensorflow-lite

Impact If a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. Patches We have patched the issue in d58c96946b and will release patch releases for all versions between 1.1...

GHSA-QH32-6JJC-QPRM Null pointer dereference in tensorflow-lite

Impact A crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a...

Null pointer dereference in tensorflow-lite

Impact A crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a...

GHSA-MXJJ-953W-2C2V Data corruption in tensorflow-lite

Impact When determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/types.hL437-L442 Since the function...

GHSA-QC53-44CJ-VFVX Denial of Service in Tensorflow

Impact The SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix:...

Heap buffer overflow in Tensorflow

Impact The SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed in parallel:...

Heap buffer overflow in Tensorflow

Impact The SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified:...

GHSA-4G9F-63RX-5CW4 Segfault in Tensorflow

Impact The tf.rawops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output:...

PT-2020-14279 · Google +1 · Tensorflow +1

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4 TensorFlow versions prior to 2.0.3 TensorFlow versions prior to 2.1.2 TensorFlow versions prior to 2.2.1 TensorFlow versions prior to 2.3.1 Description: The issue arises when determining the common dimensio...

PT-2020-14271 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 2.3.1 Description: The RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor, specifically that the values in the splits tensor generate a valid partitioning ...

PT-2020-14264 · Google +1 · Tensorflow +1

Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 2.2.1 Tensorflow versions prior to 2.3.1 Description: The implementation of dlpack.to dlpack can be made to use uninitialized memory, resulting in further memory corruption. This occurs because the pybind11 glue...

PT-2020-14281 · Google +1 · Tensorflow +1

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4 TensorFlow versions prior to 2.0.3 TensorFlow versions prior to 2.1.2 TensorFlow versions prior to 2.2.1 TensorFlow versions prior to 2.3.1 Description: If a TFLite saved model uses the same tensor as both...

PYSEC-2019-227

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case datasize and numsegments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. Thi...

GHSA-QX2V-J445-G354 Improper Input Validation in Google TensorFlow

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory...