14329 matches found
CVE-2021-29572
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...
CVE-2021-29555
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.FusedBatchNorm. This is because the...
CVE-2021-29564
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance. This is because the...
CVE-2021-29557
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...
CVE-2021-29543
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...
CVE-2021-29539
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.ImmutableConsthttps://www.tensorflow.org/apidocs/python/tf/rawops/ImmutableConst with a dtype of tf.resource or tf.variant results in a segfault in the implementation as code assumes that the tensor contents...
CVE-2021-29589
TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...
CVE-2021-29548
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...
CVE-2021-29605
TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.cL24-L27. An attacker can...
CVE-2021-29537
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization. This is because the...
CVE-2021-29595
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero...
CVE-2021-29578
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...
CVE-2021-29573
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...
CVE-2021-29515
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...
CVE-2021-29560
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.RaggedTensorToTensor. This is because the...
CVE-2021-29562
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.IRFFT. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,...
CVE-2021-29559
TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...
CVE-2021-29517
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...
CVE-2021-29554
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.DenseCountSparseOutput. This is because the...
CVE-2021-29527
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedConv2D. This is because the...