Lucene search
+L

45 matches found

PyPA
PyPA
added 2021/08/12 10:15 p.m.5 views

PYSEC-2021-602

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

7.8CVSS6.9AI score0.00165EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/08/12 10:15 p.m.17 views

PYSEC-2021-588

TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation i...

5.5CVSS5AI score0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/12 9:40 p.m.33 views

CVE-2021-37676 Reference binding to nullptr in shape inference in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...

7.8CVSS8AI score0.00173EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/12 9:40 p.m.29 views

CVE-2021-37671 Reference binding to nullptr in map operations in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations. The implementation has a check in place to ensure that indices is in...

7.8CVSS8AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 2021/08/12 9:40 p.m.97 views

CVE-2021-37666

CVE-2021-37666 is a TensorFlow vulnerability in RaggedTensorToVariant where binding a reference to a null pointer occurs due to incomplete validation of splits values. The issue is addressed by the GitHub patch be7a4de6adfbd303ce08be4332554dff70362612, with the fix scheduled for TensorFlow 2.6.0 ...

7.8CVSS7.7AI score0.00173EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/08/12 9:15 p.m.18 views

CVE-2021-37650

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

7.8CVSS0.00182EPSS
Exploits0References2
NVD
NVD
added 2021/08/12 9:15 p.m.18 views

CVE-2021-37655

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS0.00167EPSS
Exploits0References2
OSV
OSV
added 2021/08/12 9:15 p.m.12 views

CVE-2021-37655

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS6.7AI score
Exploits0References2
OSV
OSV
added 2021/08/12 9:15 p.m.18 views

CVE-2021-37645

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on thi...

5.5CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2021/08/12 9:15 p.m.10 views

Input validation

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...

4.6CVSS7.5AI score0.00189EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/08/12 9:15 p.m.17 views

Null pointer dereference

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToSparse. The implementation has an incomplete validation of the splits values: it does not check...

4.6CVSS7.6AI score0.00167EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/08/12 9:15 p.m.19 views

PYSEC-2021-559

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The...

5.5CVSS3.5AI score0.00154EPSS
Exploits0References2
OSV
OSV
added 2021/08/12 9:15 p.m.18 views

PYSEC-2021-575

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...

7.8CVSS2.4AI score0.00189EPSS
Exploits0References3
OSV
OSV
added 2021/08/12 9:15 p.m.21 views

PYSEC-2021-570

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV. The implementation has incomplete validation that the value of k is a valid...

7.8CVSS3.2AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/12 9:10 p.m.42 views

CVE-2021-37646 Bad alloc in `StringNGrams` caused by integer conversion in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The...

5.5CVSS6.2AI score0.00154EPSS
Exploits0References2
CVE
CVE
added 2021/08/12 9:10 p.m.88 views

CVE-2021-37646

CVE-2021-37646 affects TensorFlow: the StringNGrams implementation can overflow when converting a negative, signed ngram_width to an unsigned size during a reserve call, enabling a potential denial-of-service condition. The root cause is a signed-to-unsigned conversion in TF’s string buffer alloc...

5.5CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/08/12 7:15 p.m.18 views

CVE-2021-37638

TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

7.8CVSS0.00167EPSS
Exploits0References2
Prion
Prion
added 2021/08/12 7:15 p.m.19 views

Null pointer dereference

TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to tf.rawops.MatrixDiagPartOp, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first. The...

3.6CVSS7.1AI score0.0016EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/08/12 7:15 p.m.31 views

PYSEC-2021-552

TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by...

8.4CVSS3.1AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 2021/08/12 6:15 p.m.86 views

CVE-2021-37637

CVE-2021-37637 is a TensorFlow null pointer dereference in tf.raw_ops.CompressElement triggered by invalid input. The issue occurred when code accessed a buffer size before validating the buffer, and has been patched in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5. The fix will be in Te...

7.7CVSS5.8AI score0.0016EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder