GHSA-828X-QC2P-WPRQ Undefined behavior in `MaxPool3DGradGrad`

Impact The implementation of tf.rawops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors: python import tensorflow as tf originput = tf.constant0.0, shape=1, 1, 1, 1, 1, dtype=tf.float32 origoutput = tf.constant0.0, shape=1, 1, 1,...

GHSA-4P4P-WWW8-8FV9 Reference binding to null in `ParameterizedTruncatedNormal`

Impact An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal: python import tensorflow as tf shape = tf.constant, shape=0, dtype=tf.int32 means = tf.constant1, dtype=tf.float32 stdevs = tf.constant1, dtype=tf.float32 minvals = tf.constant1...

Division by 0 in `QuantizedBiasAdd`

Impact An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd: python import tensorflow as tf inputtensor = tf.constant, shape=0, 0, 0, 0, dtype=tf.quint8 bias = tf.constant, shape=0, dtype=tf.quint8 mininput = tf.constant-10.0, dtype=tf.float32...

RUSTSEC-2021-0068 Soundness issue in `iced-x86` versions <= 1.10.3

Versions of iced-x86...

Soundness issue in `iced-x86` versions <= 1.10.3

Versions of iced-x86...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists due to an undefined behavior in tf.rawops.MaxPool3DGradGrad by dereferencing null pointers backing attacker-supplied empty tensors...

CVE-2021-29609

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

CVE-2021-29608

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...

CVE-2021-29608

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...

CVE-2021-29609

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

CVE-2021-29572

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...

PYSEC-2021-508

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...

PYSEC-2021-446

TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...

PYSEC-2021-155

TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...

Out-of-bounds

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

PYSEC-2021-734

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...

PYSEC-2021-245

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...

PYSEC-2021-211

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors. The...