Lucene search
K

67 matches found

Github Security Blog
Github Security Blog
added 2021/08/25 2:41 p.m.26 views

`CHECK`-fail in `MapStage`

Impact An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.MapStage: python import tensorflow as tf tf.rawops.MapStage key=tf.constant, shape=0, 0, 0, 0, dtype=tf.int64, indices=tf.constant0, dtype=tf.int32, values=tf.constant0, dtype=tf.int32, dtypes=tf.int32, tf.int64,...

5.5CVSS5.8AI score0.00154EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.70 views

Incomplete validation in `tf.raw_ops.CTCLoss`

Impact Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap: python import tensorflow as tf inputs = tf.constant, shape=10, 16, 0, dtype=tf.float32 labelsindices = tf.constant, shape=8, 0, dtype=tf.int64 labelsvalues = tf.constant-100 8, shape=8,...

7.1CVSS1.6AI score0.0024EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.56 views

Heap buffer overflow in `BandedTriangularSolve`

Impact An attacker can trigger a heap buffer overflow in Eigen implementation of tf.rawops.BandedTriangularSolve: python import tensorflow as tf import numpy as np matrixarray = np.array matrixtensor = tf.converttotensornp.reshapematrixarray,0,1,dtype=tf.float32 rhsarray = np.array1,1 rhstensor =...

7.8CVSS2.5AI score0.00287EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.50 views

Incomplete validation in `SparseReshape`

Impact Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. python import tensorflow as tf inputindices = tf.constant41, shape=1, 1, dtype=tf.int64 inputshape = tf.zeros11, dtype=tf.int64 newshape = tf.zeros1, dtype=tf.int64...

5.5CVSS3.5AI score0.00202EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.43 views

Invalid validation in `QuantizeAndDequantizeV2`

Impact The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument: python import tensorflow as tf inputtensor = tf.constant0.0, shape=1, dtype=float inputmin = tf.constant-10.0 inputmax = tf.constant-10.0 tf.rawops.QuantizeAndDequantizeV2 input=inputtensor,...

7.8CVSS2.6AI score0.00201EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.58 views

Incomplete validation in `SparseAdd`

Impact Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data: python import tensorflow as tf aindices = tf.zeros10, 97, dtype=tf.int64 avalues = tf.zeros10, dtype=tf.int6...

7.8CVSS1.8AI score0.00234EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.70 views

Heap OOB and null pointer dereference in `RaggedTensorToTensor`

Impact Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty: python import tensorflow as tf shape = tf.constant-1, -1, shape=2, dtype=tf.int64 values = tf.constant, shape=0, dtype=tf.int64 defaultvalue =...

7.8CVSS0.5AI score0.00234EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.49 views

Heap buffer overflow and undefined behavior in `FusedBatchNorm`

Impact The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow: python import tensorflow as tf x = tf.zeros10, 10, 10, 6, dtype=tf.float32 scale = tf.constant0.0, shape=1, dtype=tf.float32 offset = tf.constant0.0, shape=1, dtype=tf.float32 mean = tf.constant0.0,...

7.8CVSS2AI score0.00211EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.40 views

Heap OOB read in `tf.raw_ops.Dequantize`

Impact Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data: python import tensorflow as tf inputtensor=tf.constant 75, 75, 75, 75, -6, -9, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10,\ -10, -10, -10, -10, -10, -10,...

7.1CVSS0.9AI score0.00198EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.40 views

Segfault in `CTCBeamSearchDecoder`

Impact Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults: python import tensorflow as tf inputs = tf.constant, shape=18, 8, 0, dtype=tf.float32 sequencelength = tf.constant11, -43, -92, 11, -89, -83, -35, -100, shape=8,...

5.5CVSS3.1AI score0.00189EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.37 views

Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`

Impact The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty: python import tensorflow as tf originput = tf.constant2, 3, shape=1, 1, 1, 2, dtype=tf.int64 origoutput = tf.constant, dtype=tf.int64 outbackprop = tf.zeros2, 3, 6, 6,...

5.5CVSS3.2AI score0.00189EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.47 views

Heap buffer overflow in `MaxPoolGrad`

Impact The implementation of tf.rawops.MaxPoolGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originput = tf.constant0.0, shape=1, 1, 1, 1, dtype=tf.float32 origoutput = tf.constant0.0, shape=1, 1, 1, 1, dtype=tf.float32 grad = tf.constant, shape=0, 0, 0, 0,...

7.8CVSS1.3AI score0.00214EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.37 views

Heap buffer overflow in `FractionalAvgPoolGrad`

Impact The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputtensorshape = tf.constant1, 3, 2, 3, shape=4, dtype=tf.int64 outbackprop = tf.constant2, shape=1, 1, 1, 1, dtype=tf.int64 rowpoolingsequence = tf.constant1...

7.8CVSS0.7AI score0.00211EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.37 views

Heap buffer overflow in `AvgPool3DGrad`

Impact The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputshape = tf.constant10, 6, 3, 7, 7, shape=5, dtype=tf.int32 grad = tf.constant0.01, 0, 0, shape=3, 1, 1, 1, 1, dtype=tf.float32 ksize = 1, 1, 1, 1, 1 strides = 1, 1...

7.8CVSS2.5AI score0.00211EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.53 views

Heap buffer overflow in `MaxPool3DGradGrad`

Impact The implementation of tf.rawops.MaxPool3DGradGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf values = 0.01 11 originput = tf.constantvalues, shape=11, 1, 1, 1, 1, dtype=tf.float32 origoutput = tf.constant0.01, shape=1, 1, 1, 1, 1, dtype=tf.float32 grad =...

7.8CVSS1.1AI score0.00211EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.33 views

Overflow/denial of service in `tf.raw_ops.ReverseSequence`

Impact The implementation of tf.rawops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. python import tensorflow as tf input = tf.zeros1, 1, 1, dtype=tf.int32 seqlengths = tf.constant0, shape=1, dtype=tf.int32 tf.rawops.ReverseSequence input=input,...

5.5CVSS2.6AI score0.00198EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.30 views

Undefined behavior in `MaxPool3DGradGrad`

Impact The implementation of tf.rawops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors: python import tensorflow as tf originput = tf.constant0.0, shape=1, 1, 1, 1, 1, dtype=tf.float32 origoutput = tf.constant0.0, shape=1, 1, 1,...

7.8CVSS2.9AI score0.00201EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.38 views

Division by 0 in `MaxPoolGradWithArgmax`

Impact The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0: python import tensorflow as tf input = tf.constant, shape=0, 0, 0, 0, dtype=tf.float32 grad = tf.constant, shape=0, 0, 0, 0, dtype=tf.float32 argmax = tf.constant, shape=0, dtype=tf.int64 ksize = 1, 1, ...

5.5CVSS2.4AI score0.00189EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:25 p.m.35 views

Reference binding to nullptr in `SdcaOptimizer`

Impact The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer: python import tensorflow as tf sparseexampleindices = tf.constant0, dtype=tf.int64, tf.constant0, dtype=tf.int64 sparsefeatureindices = tf.constant, shape=0, 0, 0, 0,...

5.5CVSS1.1AI score0.00189EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:25 p.m.41 views

Memory corruption in `DrawBoundingBoxesV2`

Impact The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs: python import tensorflow as tf images = tf.fill10, 96, 0, 1, 0. boxes = tf.fill10, 53, 0, 0. colors = tf.fill0, 1, 0...

7.8CVSS1.1AI score0.0024EPSS
Exploits1References7Affected Software3
Rows per page
Query Builder