2519 matches found
CVE-2021-41208
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...
PYSEC-2021-845
TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...
Heap overflow
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...
CVE-2021-41208
CVE-2021-41208 involves TensorFlow boosted trees code with missing validation. The root cause is incomplete validation in boosted trees APIs, enabling a local attacker to trigger denial of service (via dereferencing null pointers or CHECK failures) and to cause undefined behavior (binding referen...
CVE-2021-41208
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...
CVE-2021-41219
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...
PYSEC-2021-826
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...
PYSEC-2021-411
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...
PYSEC-2021-826
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...
PYSEC-2021-406
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
Heap overflow
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...
PYSEC-2021-406
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
PYSEC-2021-396
TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...
CVE-2021-41203
TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...
CVE-2021-41203
TensorFlow vulnerability CVE-2021-41203 (checkpoint loading) is due to missing validation for invalid checkpoint file formats. This allows a local attacker to trigger undefined behavior, integer overflows, segfaults, and CHECK-fail crashes by altering saved checkpoints from outside TensorFlow. Af...
CVE-2021-41219
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...
CVE-2021-41219 Undefined behavior via `nullptr` reference binding in sparse matrix multiplication
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer error vulnerability exists in Google TensorFlow, which stems from the code for sparse matrix multiplication being susceptible to undefined behavior by binding references to "nullptr" in the...
PT-2021-23192 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The code for sparse matrix multiplication in TensorFlow is vulnerable to undefin...
PT-2021-23187 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.0 through 2.6.0 will be fixed in 2.6.1 TensorFlow versions 2.5.0 through 2.5.1 will be fixed in 2.5.2 TensorFlow versions 2.4.0 through 2.4.3 will be fixed in 2.4.4 Description: The...