SUSE CVE-2022-21731

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35971 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35971 Source advisory: OSV:GHSA-9FPG-838V-WPV7...

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35997 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35997 Source advisory: OSV:GHSA-P7HR-F446-X6QF...

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-29208 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-29208 Source advisory: OSV:GHSA-2R2F-G8MW-9GVR...

GHSA-GF2J-F278-XH4V Division by zero in TFLite

Impact An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation: cc inline void BiasAndClampfloat clampmin, float clampmax, int biassize, const float biasdata, int arraysize, float arraydata // ... TFLITEDCHECKEQarraysize % biassize, 0; // ... Ther...

GHSA-H6GW-R52C-724R NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow

Impact The code for boosted trees in TensorFlow is still missing validation. This allows malicious users to read and write outside of bounds of heap allocated data as well as trigger denial of service via dereferencing nullptrs or via CHECK-failures. This follows after CVE-2021-41208 where these...

PYSEC-2022-113

Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...

PYSEC-2022-55

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

CVE-2022-23567

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...