CVE-2021-45387

tcpreplay 4.3.4 has a Reachable Assertion in addtreeipv4 at tree.c...

CVE-2021-45386

CVE-2021-45386 affects tcpreplay 4.3.4, with a reachable assertion in add_tree_ipv6() (tree.c). Multiple downstream advisories note fixes in newer tcpreplay releases (e.g., 4.4.1/4.4.2); Gentoo GLSA 202210-08 recommends upgrading to tcpreplay-4.4.2 to address CVE-2021-45386. Other sources (ALT Li...

CVE-2021-45387

CVE-2021-45387 affects tcpreplay 4.3.4, with a Reachable Assertion in add_tree_ipv4() located in tree.c. Public records (NVD, OSV, Gentoo GLSA, and Nessus notes) confirm this vulnerability is exploitable via a local vector and can impact availability (NVD CVSS3.1: LOCAL, LOW/or MEDIUM complexity,...

PT-2022-12336 · Tcpreplay +2 · Tcpreplay +2

Name of the Vulnerable Software and Affected Versions: tcpreplay version 4.3.4 Description: The issue is related to a Reachable Assertion in the add tree ipv6 function at tree.c. Recommendations: For tcpreplay version 4.3.4, consider restricting access to the add tree ipv6 function until a patch ...

PT-2022-12337 · Tcpreplay +2 · Tcpreplay +2

Name of the Vulnerable Software and Affected Versions: tcpreplay version 4.3.4 Description: The issue is related to a Reachable Assertion in the add tree ipv4 function at tree.c. Recommendations: For tcpreplay version 4.3.4, at the moment, there is no information about a newer version that contai...

CVE-2021-45386

tcpreplay 4.3.4 has a Reachable Assertion in addtreeipv6 at tree.c...

CVE-2021-45387

tcpreplay 4.3.4 has a Reachable Assertion in addtreeipv4 at tree.c...

GHSA-8RCJ-C8PJ-V3M3 Reachable Assertion in Tensorflow

Impact When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. Patches We have patched the issue in GitHub...

GHSA-4V5P-V5H9-6XJX `CHECK`-failures in Tensorflow

Impact An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. Patches We have patched the issue in GitHub commit c2b31ff2d3151acb230edc3f5b1832d2c713a9e0. The fix will be included in TensorFlow 2.8.0. W...

GHSA-F2VV-V9CG-QHH7 Assertion failure based denial of service in Tensorflow

Impact The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail: python import tensorflow as tf tf.rawops.DenseBincount input=0, 1, 2, size=1, weights=3,2,1, binaryoutput=False There are several conditions...

Integer overflows in Tensorflow

Impact The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial of service: python import tensorflow as tf import...

Reachable Assertion in Tensorflow

Impact When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow...

GHSA-RWW7-2GPW-FV6J Crash when type cannot be specialized in Tensorflow

Impact Under certain scenarios, TensorFlow can fail to specialize a type during shape inference: cc void InferenceContext::PreInputInit const OpDef& opdef, const std::vector& inputtensors, const std::vector& inputtensorsasshapes const auto ret = fulltype::SpecializeTypeattrs, opdef;...

Crash when type cannot be specialized in Tensorflow

Impact Under certain scenarios, TensorFlow can fail to specialize a type during shape inference: cc void InferenceContext::PreInputInit const OpDef& opdef, const std::vector& inputtensors, const std::vector& inputtensorsasshapes const auto ret = fulltype::SpecializeTypeattrs, opdef;...

Google Tensorflow code issue vulnerability (CNVD-2022-09900)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google TensorFlow has a code issue vulnerability that could be exploited by an attacker to cause a crash due to a failed assertion...

Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2021:3061)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3061 advisory. - hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. CVE-2020-13754 ...

AlmaLinux 8 : bind (ALSA-2021:1989)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1989 advisory. - In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as relea...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization of the DCHECK is a no-op in production builds, and an assertion failure in debug builds allowing an attacker to crash the system...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. The vulnerability exists due to a lack of santization of the CHECK assertion in shapeinference.cc file allowing an attacker to crash the system by injecting invalid dtype, 0 elements or an invalid shape...

openSUSE: Security Advisory for unbound (openSUSE-SU-2022:0176-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...