2519 matches found
Reference binding to nullptr in `MatrixSetDiagV*` ops
Impact An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixSetDiagV: python import tensorflow as tf tf.rawops.MatrixSetDiagV3 input=1,2,3, diagonal=1,1, k=, align='RIGHTLEFT' The implementation has incomplete validation that t...
Reference binding to nullptr in boosted trees
Impact An attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature: python import tensorflow as tf tf.rawops.BoostedTreesCalculateBestGainsPerFeature nodeidrange=, statssummarylist=1,2,3, l1=1.0, l2=1.0, treecomplexity =1.0,...
Incomplete validation in MKL requantization
Impact Due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays: python import tensorflow as tf tf.rawops.RequantizationRangePerChannel...
GHSA-V82P-HV3V-P6QP Incomplete validation in MKL requantization
Impact Due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays: python import tensorflow as tf tf.rawops.RequantizationRangePerChannel...
GHSA-W4XF-2PQW-5MQ7 Reference binding to nullptr in `RaggedTensorToVariant`
Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant: python import tensorflow as tf tf.rawops.RaggedTensorToVariant rtnestedsplits=, rtdensevalues=1,2,3, batchedinput=True The implementation has an incomplete validation of the...
Reference binding to nullptr in unicode encoding
Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode: python import tensorflow as tf from tensorflow.python.ops import genstringops genstringops.unicodeencode inputvalues=, inputsplits=, outputencoding='UTF-8', errors='ignore',...
GHSA-QR82-2C78-4M8H Reference binding to nullptr in map operations
Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations: python import tensorflow as tf tf.rawops.MapPeek key=tf.constant8,dtype=tf.int64, indices=, dtypes=tf.int32, capacity=8, memorylimit=128 The implementation...
Reference binding to nullptr in map operations
Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations: python import tensorflow as tf tf.rawops.MapPeek key=tf.constant8,dtype=tf.int64, indices=, dtypes=tf.int32, capacity=8, memorylimit=128 The implementation...
GHSA-V768-W7M9-2VMM Reference binding to nullptr in shape inference
Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows: python import tensorflow as tf tf.compat.v1.disablev2behavior tf.rawops.SparseFillEmptyRows indices = tf.constant, shape=0, 0, dtype=tf.int64, values = tf.constant, shape=0,...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. Empty tensors are not validated which allows an attacker to cause an undefined behavior by binding a reference to null pointer in tf.rawops.SparseFillEmptyRows...
CVE-2021-37665
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...
CVE-2021-37665
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...
PYSEC-2021-578
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...
CVE-2021-37665
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...
Null pointer dereference
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.rawops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...
PYSEC-2021-287
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...
PYSEC-2021-776
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...
PYSEC-2021-776
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...
CVE-2021-37665 Incomplete validation in MKL requantization in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...
CVE-2021-37665
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...