64 matches found
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...
PYSEC-2021-536
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...
CVE-2021-29518 Session operations in eager mode lead to null pointer dereferences
TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...
CVE-2021-29520
TensorFlow CVE-2021-29520 concerns a heap buffer overflow in Conv3DBackprop* due to missing validation that assumes input, filter_sizes, and out_backprop have identical shapes. Multiple sources (OSV entries and GHSA advisory) corroborate the issue and patch lineage. The vulnerability affects Conv...
CVE-2021-29521 Segfault in SparseCountSparseOutput
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...
CVE-2021-29521
TensorFlow CVE-2021-29521: A bug in tf.raw_ops.SparseCountSparseOutput triggers a segmentation fault when dense_shape contains negative values. Root cause is the implementation assuming the first element of dense_shape is positive to initialize BatchedMap; with multi-element shapes, num_batches d...
CVE-2021-29523 CHECK-fail in AddManySparseToTensorsMap
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.AddManySparseToTensorsMap. This is because the...
CVE-2021-29585
TensorFlow/TFLite padding compute path has a division-by-zero in ComputeOutSize when stride is 0, enabling a potential denial-of-service scenario via crafted models. The issue affects padding logic in TF Lite; patches were applied in commit 49847ae and a fix is planned for TensorFlow 2.5.0 with c...
CVE-2021-29588
TensorFlow/TFLite issue: the TransposeConv operator in the TFLite backend is vulnerable to a division-by-zero when stride_h/stride_w can be 0, enabling a crafted model to trigger a fault. Root cause follows from the division calculations in optimized_ops.h, requiring callers to validate stride ar...
CVE-2021-29590 Heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...
CVE-2021-29604 Division by zero in TFLite's implementation of hashtable lookup
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtablelookup.ccL114-L115 ...
CVE-2021-29557 Division by 0 in `SparseMatMul`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...
CVE-2021-29558 Heap buffer overflow in `SparseSplit`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...
CVE-2021-29559 Heap OOB access in unicode ops
TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...
CVE-2021-29572 Reference binding to nullptr in `SdcaOptimizer`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...
CVE-2021-29575 Overflow/denial of service in `tf.raw_ops.ReverseSequence`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...
CVE-2021-29512
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...
CVE-2021-29525 Division by 0 in `Conv2DBackpropInput`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropInput. This is because the...
CVE-2021-29529
CVE-2021-29529 affects TensorFlow’s QuantizedResizeBilinear in tf.raw_ops.QuantizedResizeBilinear, where rounding of floating input can cause interpolation bounds to produce an out-of-bounds access, leading to a heap buffer overflow. The vulnerability arises because lower/upper interpolation boun...
CVE-2021-29529 Heap buffer overflow caused by rounding
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in tf.rawops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the...