CVE-2021-29610

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

CVE-2022-21726

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

BIT-TENSORFLOW-2022-21726 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

SUSE CVE-2021-29610

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

SUSE CVE-2022-21726

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

GHSA-43Q8-3FV7-PR5X Improper Validation of Integrity Check Value in TensorFlow

Impact The implementation of tf.sparse.split does not fully validate the input arguments. Hence, a malicious user can trigger a denial of service via a segfault or a heap OOB read: python import tensorflow as tf data = tf.random.uniform1, 32, 32, dtype=tf.float32 axis = 1, 2 x =...

Out of bounds read in Tensorflow

Impact The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses: python import tensorflow as tf @tf.function def test: y = tf.rawops.Dequantize input=tf.constant1,1,dtype=tf.qint32, minrange=1.0, maxrange=10.0, mode='MINCOMBINED',...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists due to the lack of validation of the value of axis and an out-of-bound access allowing an attacker to crash the system via the implementation of Dequantize...

PYSEC-2022-105

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

Design/Logic Flaw

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

CVE-2022-21726 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow has a buffer overflow vulnerability that stems from the fact that Dequantize's implementation does not fully validate the value of axis, which can be exploited by an attacker to caus...

GHSA-QFPC-5PJR-MH26 Missing validation in shape inference for `Dequantize`

Impact The shape inference code for tf.rawops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments: python import tensorflow as tf tf.compat.v1.disablev2behavior tf.rawops.Dequantize inputtensor = tf.constant-10.0,...

PYSEC-2021-285

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.rawops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...

PYSEC-2021-285

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.rawops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...

CVE-2021-37663

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.rawops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...

CVE-2021-37677

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.rawops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...

GHSA-MQ5C-PRH3-3F3H Invalid validation in `QuantizeAndDequantizeV2`

Impact The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument: python import tensorflow as tf inputtensor = tf.constant0.0, shape=1, dtype=float inputmin = tf.constant-10.0 inputmax = tf.constant-10.0 tf.rawops.QuantizeAndDequantizeV2 input=inputtensor,...

Out-of-Bounds Read

tensorflow has out-of-bound read. The vulnerability exists due to the lack of validation of axis allowing an attacker to be able to read data from outside of the bounds of heap allocated in the buffer in tf.rawops.QuantizeAndDequantizeV3...

PYSEC-2021-679

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...