9 matches found
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service DoS. The vulnerability exists due to a memory leak in the status argument when validation failures. This is caused lack of validation of the list of strings that is passed into dlpack.todlpack...
PYSEC-2020-114
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...
PYSEC-2020-114
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...
PYSEC-2020-273
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...
PYSEC-2020-307
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods ca...
PYSEC-2020-306
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...
CVE-2020-15191
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...
GHSA-8FXW-76PX-3RXV Memory leak in Tensorflow
Impact If a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/c/eager/dlpack.ccL100-L104 The allocated memory is from...
PT-2020-14263 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 2.2.1 Tensorflow versions prior to 2.3.1 Description: The issue occurs when a user passes a list of strings to dlpack.to dlpack, resulting in a memory leak following an expected validation failure. This happens...