5 matches found
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in QuantizedMatMulWithBiasAndDequantize with MKL enabled. PoC import tensorflow as tf func = tf.rawops.QuantizedMatMulWithBiasAndDequantize para='a': tf.constant138, dtype=tf.quint8, 'b': tf.constant4,...
PT-2021-18276 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: An attacker can trigger a division by 0 in...
GHSA-W5GH-2WR2-PM6G Denial of Service in Tensorflow
Impact Changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-serving or other inference-as-a-service installments. We have added...
GHSA-H6FG-MJXG-HQQ4 Integer truncation in Shard API usage
Impact The Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/util/worksharder.hL59-L60 However, there are several places in TensorFlo...
GHSA-X7RP-74X2-MJF3 Segfault in Tensorflow
Impact The RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Thus, the following code sets up conditions to...