BIT-TENSORFLOW-2022-41887 Overflow in `tf.keras.losses.poisson` in Tensorflow

TensorFlow is an open source platform for machine learning. tf.keras.losses.poisson receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched...

Overflow in `tf.keras.losses.poisson`

Impact tf.keras.losses.poisson receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. python import numpy as np import tensorflow as tf truevalue =...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in the BinaryFunctor function of cwiseopscommon.h due to a size mismatch during broadcast assignment which allows an attacker to cause an application crash by providing malicious input...

CVE-2022-41887

TensorFlow CVE-2022-41887 describes a buffer/size-mismatch overflow in tf.keras.losses.poisson when y_pred/y_true dimensions overflow an int32 during broadcasting in BinaryOp. A patch is committed (c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c) and will be included in TensorFlow 2.11; TensorFlow 2.10....