22 matches found
CVE-2022-23559
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
HE-LRM: Encrypted Deep Learning Recommendation Models Using Fully Homomorphic Encryption
Fully Homomorphic Encryption FHE is an encryption scheme that not only encrypts data but also allows for computations to be applied directly on the encrypted data. While computationally expensive, FHE can enable privacy-preserving neural inference in the client-server setting: a client encrypts...
SUSE CVE-2022-23559
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
Huawei MindSpore Community 缓冲区错误漏洞
Huawei MindSpore Community is an open source deep learning framework from Huawei, China. Huawei MindSpore Community suffers from an information disclosure vulnerability that stems from accessing a shape allocated from the heap buffer if the input shape size is 0 when performing inferred shape...
GHSA-98P5-X8X4-C9M5 Integer overflow in TFLite
Impact An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations: cc int embeddingsize = 1; int lookupsize = 1; for int i = 0; i data.i32i; lookupsize = dim; outputshape-datak = dim; for int i = 1; i datak = dim; Both embeddingsize and lookupsize are...
Integer overflow in TFLite
Impact An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations: cc int embeddingsize = 1; int lookupsize = 1; for int i = 0; i data.i32i; lookupsize = dim; outputshape-datak = dim; for int i = 1; i datak = dim; Both embeddingsize and lookupsize are...
Google Tensorflow Input Validation Error Vulnerability (CNVD-2022-09880)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google Tensorflow is vulnerable to an input validation error that could be exploited by an attacker to build a TFLite model that leads to an integer overflow in the embedding lookup operation...
PYSEC-2022-123
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
PYSEC-2022-68
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
PYSEC-2022-68
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
PYSEC-2022-123
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
Integer overflow
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
CVE-2022-23559 Integer overflow in TFLite
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
CVE-2022-23559
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
CVE-2022-23559 Integer overflow in TFLite
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
Google Tensorflow 输入验证错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google Tensorflow is vulnerable to an input validation error that could be exploited by an attacker to build a TFLite model that leads to an integer overflow in the embedding lookup operation...
GHSA-4VRF-FF7V-HPGR Division by zero in TFLite's implementation of `EmbeddingLookup`
The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero error: cc const int rowsize = SizeOfDimensionvalue, 0; const int rowbytes = value-bytes / rowsize; An attacker can craft a model such that the first dimension of the value input is 0. Patches We have...
PYSEC-2021-722
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...
PYSEC-2021-524
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...
PYSEC-2021-233
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...