Lucene search
+L

54 matches found

Prion
Prion
added 2022/02/03 2:15 p.m.20 views

Null pointer dereference

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

4CVSS6.6AI score0.00783EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/03 2:15 p.m.4 views

PYSEC-2022-116

Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...

6.5CVSS6.6AI score0.00783EPSS
Exploits1References3
OSV
OSV
added 2022/02/03 1:15 p.m.22 views

PYSEC-2022-49

Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure ...

6.5CVSS2AI score0.00783EPSS
Exploits1References3
OSV
OSV
added 2022/02/03 1:15 p.m.21 views

PYSEC-2022-78

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

6.5CVSS2.7AI score0.00458EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/03 1:13 p.m.34 views

CVE-2022-21739 Null pointer dereference in TensorFlow

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

6.5CVSS6.6AI score0.00783EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/02/03 12:59 p.m.6 views

CVE-2022-21734 `CHECK`-failures in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...

6.5CVSS6.5AI score0.00783EPSS
Exploits1References3
CVE
CVE
added 2022/02/03 12:28 p.m.98 views

CVE-2022-21729

The vulnerability CVE-2022-21729 affects TensorFlow: the UnravelIndex implementation is vulnerable to a division-by-zero caused by an integer overflow in the unravel_index_op. The issue is addressed with a fix in TensorFlow 2.8.0, with cherry-picks to older supported releases TensorFlow 2.7.1, 2....

6.5CVSS6.7AI score0.00783EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2022/02/03 12:15 p.m.32 views

CVE-2022-21736

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are...

7.6CVSS0.00746EPSS
Exploits1References3
NVD
NVD
added 2022/02/03 12:15 p.m.35 views

CVE-2022-21733

Tensorflow is an Open Source Machine Learning Framework. The implementation of StringNGrams can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on padwitdh and that result in computing a negative value for...

6.5CVSS0.00821EPSS
Exploits1References3
OSV
OSV
added 2022/02/03 12:8 p.m.29 views

CVE-2022-21736 Undefined behavior in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are...

7.6CVSS6.3AI score0.00746EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/02/03 11:28 a.m.45 views

CVE-2022-21733 Memory exhaustion in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of StringNGrams can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on padwitdh and that result in computing a negative value for...

4.3CVSS6.6AI score0.00821EPSS
Exploits1References3
NVD
NVD
added 2022/02/03 11:15 a.m.22 views

CVE-2022-21730

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

8.1CVSS0.00815EPSS
Exploits1References3
OSV
OSV
added 2022/02/03 11:15 a.m.19 views

PYSEC-2022-54

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

8.1CVSS3.3AI score0.00815EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/02/03 11:1 a.m.36 views

CVE-2022-21726 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

8.1CVSS9.1AI score0.00818EPSS
Exploits1References3
Rows per page
Query Builder