CVE-2022-41890

TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...

CVE-2022-41889

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors...

CVE-2022-41909

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...

CVE-2022-41885

TensorFlow is an open source platform for machine learning. When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...

CVE-2022-41891

TensorFlow is an open source platform for machine learning. If tf.rawops.TensorListConcat is given elementshape=, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix wil...

CVE-2022-41898

TensorFlow is an open source platform for machine learning. If SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commi...

CVE-2022-41884

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be...

CVE-2022-41888

TensorFlow is an open source platform for machine learning. When running on GPU, tf.image.generateboundingboxproposals receives a scores input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included i...

CVE-2022-41896

TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input filterbankchannelcount greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be...

CVE-2022-41908

TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also...

CVE-2022-41899

TensorFlow is an open source platform for machine learning. Inputs densefeatures or examplestatedata not of rank 2 will trigger a CHECK fail in SdcaOptimizer. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will...

CVE-2022-41887

TensorFlow is an open source platform for machine learning. tf.keras.losses.poisson receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched...

CVE-2022-41897

TensorFlow is an open source platform for machine learning. If FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow...

CVE-2022-41884 Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be...

The vulnerability of the IncrementOffset() function in the TensorFlow machine learning system, which allows a hacker to trigger a service failure.

The vulnerability of the IncrementOffset function in the TensorFlow machine learning system is related to the violation of the buffer’s initial boundary when processing the sizeofchunk value. Exploiting this vulnerability can allow an attacker to trigger a service failure...

AZL-38185 CVE-2022-42915 affecting package tensorflow for versions less than 2.16.1-1

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

GHSA-9JJW-HF72-3MXW TensorFlow vulnerable to heap out of bounds read in filesystem glob matching

Impact The general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories: cc if !fs-Matchchildpath, dirsdirindex ... Since dirindex is unconditionaly incremented outside of the lambda function where the...

TensorFlow vulnerable to heap out of bounds read in filesystem glob matching

Impact The general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories: cc if !fs-Matchchildpath, dirsdirindex ... Since dirindex is unconditionaly incremented outside of the lambda function where the...

ai.djl.spring:djl-spring-boot-starter-tensorflow-auto (>=0.15 <=0.18), ai.djl.tensorflow:tensorflow-api (>=0.15.0 <=0.18.0) +7125 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-java (>=3.17.0-rc-1 <=3.19.5)

com.google.protobuf:protobuf-java MAVEN version =3.17.0-rc-1, =0.15, =0.15.0, =0.15.0, =0.15.0, =3.32.1.6, =3.32.1.6-1-2.1, =3.32.1.6-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.0.1, =2.8.4-alpha1, =3.0.1-alpha1 and more Source cves: CVE-2022-317...

ai.bareun.tagger:bareun (>=1.0.0 <=1.4.1), ai.djl.serving:serving (=0.19.0) +3735 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-java (>=3.21.0-rc-1 <=3.21.6)

com.google.protobuf:protobuf-java MAVEN version =3.21.0-rc-1, =1.0.0, =3.42.0.2-1-3.4, =0.0.1, =22.3.2, =22.3.2, =22.3.2, =22.3.2, =1.0.0-beta01, =1.0.0-beta01, =1.0.0-beta06 - at.ac.ait.lablink.clients:universalapiclient =0.1.0 and more Source cves: CVE-2022-3171 Source advisory:...