Lucene search
K

57 matches found

Prion
Prion
added 2022/09/16 9:15 p.m.22 views

Stack overflow

TensorFlow is an open source platform for machine learning. The implementation of BlockLSTMGradV2 does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

5CVSS7.4AI score0.00409EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/09/16 9:5 p.m.36 views

CVE-2022-35974 Segfault in `QuantizeDownAndShrinkRange` in TensorFlow

TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

5.9CVSS8AI score0.00423EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/09/16 9:0 p.m.34 views

CVE-2022-35973 Segfault in `QuantizedMatMul` in TensorFlow

TensorFlow is an open source platform for machine learning. If QuantizedMatMul is given nonscalar input for: mina, maxa, minb, or maxb It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. T...

5.9CVSS7.7AI score0.00423EPSS
Exploits0References2
OSV
OSV
added 2022/09/16 8:45 p.m.23 views

CVE-2022-35970 Segfault in `QuantizedInstanceNorm` in TensorFlow

TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e...

5.9CVSS7.6AI score0.00423EPSS
Exploits0References4
NVD
NVD
added 2022/09/16 8:15 p.m.22 views

CVE-2022-35941

TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. We have patched the issue in GitHub commit...

7.5CVSS0.00562EPSS
Exploits0References3
NVD
NVD
added 2022/09/16 8:15 p.m.48 views

CVE-2022-35940

TensorFlow is an open source platform for machine learning. The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also...

7.5CVSS0.00547EPSS
Exploits0References3
NVD
NVD
added 2022/09/16 8:15 p.m.34 views

CVE-2022-35939

TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have...

9.8CVSS0.00441EPSS
Exploits0References3
NVD
NVD
added 2022/09/16 8:15 p.m.37 views

CVE-2022-35938

TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...

9.1CVSS0.00448EPSS
Exploits0References3
Prion
Prion
added 2022/09/16 8:15 p.m.17 views

Out-of-bounds

TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...

6.4CVSS9.1AI score0.00448EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/09/16 8:15 p.m.14 views

Stack overflow

TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have...

7.5CVSS9.6AI score0.00441EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/09/16 8:15 p.m.18 views

Stack overflow

TensorFlow is an open source platform for machine learning. In core/kernels/listkernels.cc's TensorListReserve, numelements is assumed to be a tensor of size 1. When a numelements of more than 1 element is provided, then tf.rawops.TensorListReserve fails the CHECKEQ in...

5CVSS7.6AI score0.00547EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/09/16 8:15 p.m.19 views

Stack overflow

TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. This issue has been patched in GitHub commit...

5CVSS7.4AI score0.00441EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/16 8:0 p.m.6 views

CVE-2022-35960 `CHECK` failure in `TensorListReserve` in TensorFlow

TensorFlow is an open source platform for machine learning. In core/kernels/listkernels.cc's TensorListReserve, numelements is assumed to be a tensor of size 1. When a numelements of more than 1 element is provided, then tf.rawops.TensorListReserve fails the CHECKEQ in...

5.9CVSS7.5AI score0.00547EPSS
Exploits0References3
OSV
OSV
added 2022/09/16 7:55 p.m.21 views

CVE-2022-35959 `CHECK` failures in `AvgPool3DGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...

5.9CVSS7.7AI score0.00383EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/09/16 7:45 p.m.44 views

CVE-2022-35941 `CHECK` failure in `AvgPoolOp` in Tensorflow

TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. We have patched the issue in GitHub commit...

5.9CVSS7.7AI score0.00562EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/09/16 7:30 p.m.34 views

CVE-2022-35934 `CHECK` failure in tf.reshape in Tensorflow

TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit...

5.9CVSS7.6AI score0.00396EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/24 10:7 p.m.43 views

Missing validation causes denial of service via `Conv3DBackpropFilterV2`

Impact The implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.Conv3DBackpropFilterV2 input=tf.constant.5053710941,...

5.5CVSS6.3AI score0.00317EPSS
Exploits1References9Affected Software3
Rows per page
Query Builder