Lucene search
K

9 matches found

Veracode
Veracode
added 2020/09/28 4:19 a.m.22 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service DoS. The vulnerability exists due to a memory leak in the status argument when validation failures. This is caused lack of validation of the list of strings that is passed into dlpack.todlpack...

4.3CVSS3.3AI score0.00684EPSS
Exploits1References4Affected Software3
OSV
OSV
added 2020/09/25 7:15 p.m.4 views

PYSEC-2020-114

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS6.1AI score0.00749EPSS
Exploits1References4
OSV
OSV
added 2020/09/25 7:15 p.m.7 views

PYSEC-2020-306

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS5.9AI score0.00749EPSS
Exploits1References4
OSV
OSV
added 2020/09/25 7:15 p.m.5 views

PYSEC-2020-307

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods ca...

4.3CVSS5.8AI score0.00684EPSS
Exploits1References4
PyPA
PyPA
added 2020/09/25 7:15 p.m.6 views

PYSEC-2020-114

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS7.1AI score0.00749EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2020/09/25 7:15 p.m.5 views

PYSEC-2020-273

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

7.1CVSS7AI score0.00681EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2020/09/25 6:41 p.m.3 views

CVE-2020-15191

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS7.1AI score0.00749EPSS
Exploits1
OSV
OSV
added 2020/09/25 6:28 p.m.10 views

GHSA-8FXW-76PX-3RXV Memory leak in Tensorflow

Impact If a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/c/eager/dlpack.ccL100-L104 The allocated memory is from...

5.3CVSS5.8AI score0.00684EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2020/09/25 12:0 a.m.2 views

PT-2020-14263 · Google +1 · Tensorflow +1

Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 2.2.1 Tensorflow versions prior to 2.3.1 Description: The issue occurs when a user passes a list of strings to dlpack.to dlpack, resulting in a memory leak following an expected validation failure. This happens...

9.8CVSS5.8AI score0.01235EPSS
Exploits16References68
Rows per page
Query Builder