15 matches found
EUVD-2021-0447
Malware in sbrugna...
BIT-TENSORFLOW-2021-41225 A use of uninitialized value vulnerability in Tensorflow
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the trainnodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeuenode is left unitialized. The...
SUSE CVE-2022-23566
Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in Grappler. The setoutput function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also...
SUSE CVE-2022-23579
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
SUSE CVE-2022-23589
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...
CVE-2022-41902 Out of bounds write in grappler in Tensorflow
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...
GHSA-WCV5-VRVR-3RX2 Integer Overflow or Wraparound in TensorFlow
Impact The Grappler component of TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure in constant folding: cc for const auto& outputprop : outputprops const PartialTensorShape outputshapeoutputprop.shape; // ... The outputprop tensor has a shape that is controlled b...
PYSEC-2022-98
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...
CVE-2022-23587
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...
PT-2022-16106 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The Grappler component of TensorFlow can trigger a null pointer dereference unde...
GHSA-7R94-XV9V-63JW A use of uninitialized value vulnerability in Tensorflow
Impact TensorFlow's Grappler optimizer has a use of unitialized variable: cc const NodeDef dequeuenode; for const auto& trainnode : trainnodes if IsDequeueOptrainnode dequeuenode = trainnode; break; if dequeuenode ... If the trainnodes vector obtained from the saved model that gets optimized does...
PYSEC-2021-832
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the trainnodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeuenode is left unitialized. The...
PYSEC-2021-397
TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in...
PT-2021-23198 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow version 2.6.1 TensorFlow version 2.5.2 TensorFlow version 2.4.4 Description: TensorFlow's Grappler optimizer has a use of an uninitialized variable. If the train nodes vector does not contain a...
Google TensorFlow 安全漏洞
A security vulnerability in Google TensorFlow, an end-to-end open source platform for machine learning from Google, stems from the use of uninitialized variables in the Grappler optimizer. If the trainnodes vector obtained from the saved optimization model does not contain Dequeue nodes, then...