5 matches found
CVE-2022-41887
TensorFlow is an open source platform for machine learning. tf.keras.losses.poisson receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched...
TensorFlow < 2.10.1 Multiple Vulnerabilities
The version of TensorFlow installed on the remote host is prior to 2.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the release notes. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
a62-emotion (>=0.10.12 <=0.11.4), agent-atm (>=0.1.0 <=0.1.1) +103 more potentially affected by CVE-2022-41887 via tensorflow-cpu (>=1.15.0 <=2.9.1)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.1.0.dev202107081840 and more Source cves: CVE-2022-41887 Source advisory: OSV:GHSA-8FVV-46HW-VPG3...
CVE-2022-41887 Overflow in `tf.keras.losses.poisson` in Tensorflow
TensorFlow is an open source platform for machine learning. tf.keras.losses.poisson receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched...
CVE-2022-41887
TensorFlow CVE-2022-41887 describes a buffer/size-mismatch overflow in tf.keras.losses.poisson when y_pred/y_true dimensions overflow an int32 during broadcasting in BinaryOp. A patch is committed (c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c) and will be included in TensorFlow 2.11; TensorFlow 2.10....