Lucene search
+L

392 matches found

PyPA
PyPA
added 2022/02/04 11:15 p.m.8 views

PYSEC-2022-122

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a sizet. An attacker can control model inputs such that computedsize overflows the...

8.8CVSS7.2AI score0.00811EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2022/02/04 11:15 p.m.7 views

PYSEC-2022-69

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

8.8CVSS6.8AI score0.00837EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2022/02/04 11:15 p.m.8 views

PYSEC-2022-121

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation. There is no check that the biassize is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

6.5CVSS7AI score0.00757EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2022/02/04 11:15 p.m.6 views

PYSEC-2022-125

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...

8.8CVSS7.1AI score0.0054EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2022/02/04 11:15 p.m.8 views

PYSEC-2022-68

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

8.8CVSS7.1AI score0.01173EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2022/02/04 11:15 p.m.7 views

PYSEC-2022-123

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

8.8CVSS7.1AI score0.01173EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2022/02/04 11:15 p.m.7 views

PYSEC-2022-124

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

8.8CVSS6.8AI score0.00837EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/04 11:15 p.m.3 views

PYSEC-2022-124

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

8.8CVSS5.9AI score0.00837EPSS
Exploits1References3
OSV
OSV
added 2022/02/04 11:15 p.m.3 views

PYSEC-2022-125

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...

8.8CVSS7.3AI score0.0054EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/02/04 10:32 p.m.4 views

CVE-2022-23561 Out of bounds write in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...

8.8CVSS8.8AI score0.0054EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.5 views

CVE-2022-23561

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...

8.8CVSS7.1AI score0.0054EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.6 views

CVE-2022-23557

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation. There is no check that the biassize is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

6.5CVSS7AI score0.00757EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.4 views

PT-2022-16072 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected Description: An attacker can craft a TFLite model that would trigger a division by zero in the BiasAndClamp implementation. There is no check tha...

7.1CVSS6.2AI score0.00757EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.3 views

PT-2022-16077 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions prior to 2.7.1 TensorFlow versions prior to 2.6.3 TensorFlow versions prior to 2.5.3 Description: An attacker can craft a TFLite model to cause a write outside the bounds of an array in...

8.8CVSS8.5AI score0.0054EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.5 views

PT-2022-16073 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: An attacker can craft a TFLite model that would cause an integer overflow in...

8.8CVSS8.7AI score0.00811EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.4 views

PT-2022-16076 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.5.3 through 2.7.1 TensorFlow version 2.8.0 is not affected, as it includes the fix. Description: An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits...

8.8CVSS8.5AI score0.00837EPSS
Exploits1References13
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.6 views

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to build a TFLite model that allows limited reads and writes to the outside of arrays in TFLit...

8.8CVSS6AI score0.00837EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.5 views

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google Tensorflow is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to build a TFLite model that would result in a write operation outside of the array boundaries i...

8.8CVSS6AI score0.0054EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.6 views

Google Tensorflow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google Tensorflow is vulnerable to an input validation error that could be exploited by an attacker to build a TFLite model that leads to an integer overflow in the embedding lookup operation...

8.8CVSS5.6AI score0.01173EPSS
Exploits1References6
PyPA
PyPA
added 2022/02/03 3:15 p.m.7 views

PYSEC-2022-65

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

6.5CVSS6.9AI score0.00821EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder