6 matches found
SUSE CVE-2022-23575
Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateTensorSize is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in...
GHSA-V3F7-J968-4H5F Division by zero in Tensorflow
Impact The estimator for the cost of some convolution operations can be made to execute a division by 0: python import tensorflow as tf @tf.function def test: y=tf.rawops.AvgPoolGrad originputshape=1,1,1,1, grad=1.0,1.0,1.0,2.0,2.0,2.0,3.0,3.0,3.0, ksize=1,1,1,1, strides=1,1,1,0, padding='VALID',...
GHSA-8JJ7-5VXC-PG2Q Integer overflow in TensorFlow
Impact Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. Patches We have patched the issue in GitHub commi...
CVE-2022-23576
Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...
PT-2022-16092 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The implementation of OpLevelCostEstimator::CalculateTensorSize is vulnerable to...
CVE-2022-21725
Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure ...