45 matches found
PYSEC-2021-566
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...
CVE-2021-37643
CVE-2021-37643 affects TensorFlow’s MatrixDiagPartOp. The issue arises when a user does not supply a valid padding value, causing a NULL pointer dereference (if input is empty) or invalid behavior that ignores subsequent values. The root cause is reading the first value from a tensor buffer witho...
CVE-2021-37639
TensorFlow has a local, impactful vulnerability CVE-2021-37639 where restoring tensors via raw APIs can dereference a null pointer or read outside the heap bounds when tensor_name is not provided. The root cause is reading the tensor list from user-controlled input without validating its length, ...
PT-2021-21781 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can read from outside of bounds of heap allocated data by sending...
PT-2021-21803 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: The implementations of pooling in TFLite are vulnerable to division by 0 errors ...