CVE-2022-23572 Crash when type cannot be specialized in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

CVE-2022-23572

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

CVE-2022-23572 Crash when type cannot be specialized in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. A faulty bin count operation performed in SparseCountSparseOutput causes an assertion failure, allowing an attacker to pass malicious argument to trigger a CHECK-fail...

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google TensorFlow has a code issue vulnerability that could be exploited by an attacker to cause a crash due to a failed assertion...

PT-2022-16089 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier Description: TensorFlow can fail to specialize a type during shape inference. This issue is covered by the DCHECK function, which i...

Google Tensorflow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a security vulnerability that can be exploited by an attacker to cause a denial of service by changing the SavedModel so that it can be asserted in a function...

PT-2022-16080 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.3 TensorFlow versions prior to 2.6.3 TensorFlow versions prior to 2.7.1 TensorFlow versions prior to 2.8.0 Description: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter...

CVE-2022-21737 Assertion failure based denial of service in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...

Stack overflow

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

PYSEC-2022-133

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

PYSEC-2022-78

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

CVE-2022-23569

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

CVE-2022-23569 `CHECK`-fails when building invalid tensor shapes in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

CVE-2022-23569

TensorFlow/CVE-2022-23569: Denial‑of‑service via CHECK‑fails (assertion failures) across multiple ops in TensorFlow/TFLite, caused by invalid tensor shapes and related checks. Root cause: assertion failures in core paths; fixes released as patches implemented in GitHub commits. Remediation: upgra...

PYSEC-2022-131

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...

CVE-2022-23567

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...

PT-2022-16083 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The implementations of SparseCwise ops in TensorFlow are vulnerable to integer...

SUSE SLES15 Security Update : unbound (SUSE-SU-2022:0301-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0301-1 advisory. - DISPUTED Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle...

Mageia: Security Advisory (MGASA-2021-0089)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...