Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc...

CVE-2022-41894 Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite

TensorFlow is an open source platform for machine learning. The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of inp...

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow versions 2.9.0 and later, and versions prior to 2.9.3, which stems from a lack of proper validation of user-supplied data in...

CVE-2022-41890 `CHECK` fail in `BCast` overflow in Tensorflow

TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from the fact that entering 'densefeatures' or 'examplestatedata' that is not rank 2 will trigger a 'CHECK' failure in...

CVE-2022-41894 Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite

TensorFlow is an open source platform for machine learning. The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of inp...

PT-2022-26115 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow version 2.10.1 TensorFlow version 2.9.3 TensorFlow version 2.8.4 Description: The issue arises when a numpy array is created with a shape such that one element is zero and the others sum to a large...

CVE-2022-41896 `tf.raw_ops.Mfcc` crashes in Tensorflow

TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input filterbankchannelcount greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be...

CVE-2022-41885

TensorFlow vulnerability CVE-2022-41885 affects tf.raw_ops.FusedResizeAndPadConv2D when handling large tensor shapes, causing a buffer/overflow. A fix was committed (d66e1d568275e6a2947de97dca7a102a211e01ce) and will be included in TensorFlow 2.11. TensorFlow team will cherry-pick this commit to ...

CVE-2022-41907

CVE-2022-41907 affects TensorFlow: when calling tf.raw_ops.ResizeNearestNeighborGrad with a very large size, an integer overflow occurs in the operation. The issue has been fixed in commit 00c821af032ba9e5f5fa3fe14690c8d28a657624 and the fix will be included in TensorFlow 2.11; TensorFlow 2.10.1,...

CVE-2022-41908 `CHECK` fail via inputs in `PyFunc` in Tensorflow

TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also...

CVE-2022-41895

TensorFlow CVE-2022-41895 describes a heap-out-of-bounds read in MirrorPadGrad when input paddings are out of range. The issue is fixed in commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92 and will be included in TensorFlow 2.11; a cherry-pick will be applied to 2.10.1, 2.9.3, and 2.8.4 for affecte...

CVE-2022-41891 Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow

TensorFlow is an open source platform for machine learning. If tf.rawops.TensorListConcat is given elementshape=, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix wil...

CVE-2022-41890 `CHECK` fail in `BCast` overflow in Tensorflow

TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...

PT-2022-26120 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier Description: TensorFlow is an open source platform for machine learning. If a list of quantiz...

CVE-2022-41909

CVE-2022-41909 affects TensorFlow: an input encoded that is not a valid CompositeTensorVariant can cause a segfault in tf.raw_ops.CompositeTensorVariantToComponents. Patches are in commits bf594d08d... and 660ce5a89e..., with the fix slated for TensorFlow 2.11 and cherry-picked to 2.10.1, 2.9.3, ...

CVE-2022-41884

CVE-2022-41884 affects TensorFlow. A numpy array has a shape where one element is zero and the others sum to a large number, triggering an error. The issue has been fixed in commit 2b56169c16e375c521a3bc8ea658811cc0793784 and will be included in TensorFlow 2.11; the fix will also be cherry-picked...

PT-2022-26114 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow version 2.10.1 TensorFlow version 2.9.3 TensorFlow version 2.8.4 Description: The issue occurs when ops with specified input sizes receive a differing number of inputs, causing the executor to cras...

CVE-2022-41909 Segfault in `CompositeTensorVariantToComponents` in Tensorflow

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...

PT-2022-26142 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11.0 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier Description: The issue arises when printing a tensor, as the data is retrieved as a const...