4652 matches found
UVI-2021-1000771 wireguard: allowedips: free empty intermediate nodes when removing single node
This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commi...
Backdoor.Win32.ReverseTrojan.200 Authentication Bypass
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3fbec7c0623f5f80e4d9c096a50b0d59.txt Media: twitter.com/malvuln Threat: Backdoor.Win32.ReverseTrojan.200 Vulnerability: Authentication Bypass Empty Password Description:...
UBUNTU-CVE-2020-23303
There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0...
Fix of CVE: CVE-2021-28153
Fixed CVE-2021-28153: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink...
GHSA-2XGJ-XHGF-GGJV Heap buffer overflow in `BandedTriangularSolve`
Impact An attacker can trigger a heap buffer overflow in Eigen implementation of tf.raw_ops.BandedTriangularSolve: python import tensorflow as tf import numpy as np matrixarray = np.array matrixtensor = tf.converttotensornp.reshapematrixarray,0,1,dtype=tf.float32 rhsarray = np.array1,1 rhstensor =...
GHSA-CJC7-49V2-JP64 Incomplete validation in `SparseAdd`
Impact Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data: python import tensorflow as tf aindices = tf.zeros10, 97, dtype=tf.int64 avalues = tf.zeros10, dtype=tf.int6...
GHSA-24X6-8C7M-HV3F Heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
Impact The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting implementation indexes in both tensors with the same index but does not...
GHSA-3W67-Q784-6W7C Division by zero in TFLite's implementation of `GatherNd`
Impact The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero error: `ret.dims_to_count[i] = remain_flat_size / params_shape.Dims(i);` An attacker can craft a model such that `params` input would be an empty tensor. In turn, `params_shape.Dims(.)` would be zero, in at...
GHSA-9XH4-23Q4-V6WR Heap buffer overflow and undefined behavior in `FusedBatchNorm`
Impact The implementation of tf.raw_ops.FusedBatchNorm is vulnerable to a heap buffer overflow: python import tensorflow as tf x = tf.zeros10, 10, 10, 6, dtype=tf.float32 scale = tf.constant0.0, shape=1, dtype=tf.float32 offset = tf.constant0.0, shape=1, dtype=tf.float32 mean = tf.constant0.0,...
GHSA-VQ2R-5XVM-3HC3 Segfault in `CTCBeamSearchDecoder`
Impact Due to lack of validation in tf.raw_ops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults: python import tensorflow as tf inputs = tf.constant, shape=18, 8, 0, dtype=tf.float32 sequencelength = tf.constant11, -43, -92, 11, -89, -83, -35, -100, shape=8,...
GHSA-X8H6-XGQX-JQGP Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`
Impact The implementation of tf.raw_ops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty: python import tensorflow as tf originput = tf.constant2, 3, shape=1, 1, 1, 2, dtype=tf.int64 origoutput = tf.constant, dtype=tf.int64 outbackprop = tf.zeros2, 3, 6, 6,...
GHSA-828X-QC2P-WPRQ Undefined behavior in `MaxPool3DGradGrad`
Impact The implementation of tf.raw_ops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors: python import tensorflow as tf originput = tf.constant0.0, shape=1, 1, 1, 1, 1, dtype=tf.float32 origoutput = tf.constant0.0, shape=1, 1, 1,...
GHSA-3H8M-483J-7XXM Heap out of bounds read in `RequantizationRange`
Impact The implementation of tf.raw_ops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs: python import tensorflow as tf input = tf.constant1, shape=1, dtype=tf.qint32 inputmax = tf.constant, dtype=tf.float32 inputmin =...
GHSA-PH87-FVJR-V33W CHECK-fail in `tf.raw_ops.RFFT`
Impact An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.RFFT: python import tensorflow as tf inputs = tf.constant1, shape=1, dtype=tf.float32 fftlength = tf.constant0, shape=1, dtype=tf.int32 tf.rawops.RFFTinput=inputs,...
GHSA-JHQ9-WM9M-CF89 CHECK-failure in `UnsortedSegmentJoin`
Impact An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for UnsortedSegmentJoin: python import tensorflow as tf inputs = tf.constant, dtype=tf.string segmentids = tf.constant, dtype=tf.int32 numsegments = tf.constant, dtype=tf.int32 separator = ''...
GHSA-4FG4-P75J-W5XJ Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`
Impact An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization: python import tensorflow as tf t = tf.constant1, shape=1, 1, 1, 1, dtype=tf.quint8 tmin = tf.constant, shape=0, dtype=tf.float32 tmax =...
GHSA-J8QC-5FQR-52FP Division by zero in `Conv2DBackpropFilter`
Impact An attacker can cause a division by zero to occur in Conv2DBackpropFilter: python import tensorflow as tf inputtensor = tf.constant, shape=0, 0, 0, 0, dtype=tf.float32 filtersizes = tf.constant0, 0, 0, 0, shape=4, dtype=tf.int32 outbackprop = tf.constant, shape=0, 0, 0, 0, dtype=tf.float32...
GHSA-8C89-2VWR-CHCQ Heap buffer overflow in `QuantizedResizeBilinear`
Impact An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization: python import tensorflow as tf images = tf.constant, shape=0, dtype=tf.qint32 size = tf.constant, shape=0, dtype=tf.int32 min = tf.constant, dtype=tf.float32 max =...
GHSA-2GFX-95X2-5V3X Heap buffer overflow in `QuantizedReshape`
Impact An attacker can cause a heap buffer overflow in QuantizedReshape by passing in invalid thresholds for the quantization: python import tensorflow as tf tensor = tf.constant, dtype=tf.qint32 shape = tf.constant, dtype=tf.int32 inputmin = tf.constant, dtype=tf.float32 inputmax = tf.constant,...
GHSA-M3F9-W3P3-P669 Heap buffer overflow in `QuantizedMul`
Impact An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization: python import tensorflow as tf x = tf.constant256, 328, shape=1, 2, dtype=tf.quint8 y = tf.constant256, 328, shape=1, 2, dtype=tf.quint8 minx = tf.constant, dtype=tf.float32...