GHSA-6P5R-G9MQ-GGH2 Reference binding to nullptr in `MatrixSetDiagV*` ops
Impact An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixSetDiagV: python import tensorflow as tf tf.rawops.MatrixSetDiagV3 input=1,2,3, diagonal=1,1, k=, align='RIGHTLEFT' The implementation has incomplete validation that t...
GHSA-R4C4-5FPQ-56WG Heap OOB in boosted trees
Impact An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit: python import tensorflow as tf tf.rawops.BoostedTreesSparseCalculateBestFeatureSplit nodeidrange=0,10, statssummaryindices=1, 2,...
GHSA-W74J-V8XH-3W5H Reference binding to nullptr in unicode encoding
Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode: python import tensorflow as tf from tensorflow.python.ops import genstringops genstringops.unicodeencode inputvalues=, inputsplits=, outputencoding='UTF-8', errors='ignore',...
Denial Of Service (DoS)
TensorFlow is vulnerable to denial of service. An attacker can cause a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad due to a lack of validation...
Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-48855)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which stems from tf.raw_ops.QuantizeAndDequantizeV2 allowing invalid values for the axis parameter. No...
GHSA-828X-QC2P-WPRQ Undefined behavior in `MaxPool3DGradGrad`
Impact The implementation of tf.rawops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors: python import tensorflow as tf originput = tf.constant0.0, shape=1, 1, 1, 1, 1, dtype=tf.float32 origoutput = tf.constant0.0, shape=1, 1, 1,...
GHSA-8H46-5M9H-7553 Heap out of bounds write in `RaggedBinCount`
Impact If the splits argument of RaggedBincount does not specify a valid SparseTensor, then an attacker can trigger a heap buffer overflow: python import tensorflow as tf tf.rawops.RaggedBincountsplits=7,8, values= 5, 16, 51, 76, 29, 27, 54, 95,\ size= 59, weights= 0, 0, 0, 0, 0, 0, 0, 0,...
OPENSUSE-SU-2020:1766-1 Security update for tensorflow2
This update for tensorflow2 fixes the following issues: - updated to 2.1.2 with following fixes boo1177022: Fixes an undefined behavior causing a segfault in tf.rawops.Switch CVE-2020-15190 Fixes three vulnerabilities in conversion to DLPack format CVE-2020-15191, CVE-2020-15192, CVE-2020-15193...
CVE-2020-15265
In TensorFlow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and th...