Google TensorFlow Buffer Overflow Vulnerability (CNVD-2020-54782)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Tensorflow SparseFillEmptyRowsGrad versions prior to 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1, and 2.3.1, which arises from a networked system or product that perfor...

PYSEC-2020-309

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

PYSEC-2020-122

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data...

CVE-2020-15199

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data...

CVE-2020-15190

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.rawops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...

GHSA-63XM-RX5P-XVQR Heap buffer overflow in Tensorflow

Impact The implementation of SparseFillEmptyRowsGrad uses a double indexing pattern: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparsefillemptyrowsop.ccL263-L269 It is possible for reverseindexmapi to be an index outside of bound...

PT-2020-14265 · Google +1 · Tensorflow +1

Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 1.15.4 Tensorflow versions prior to 2.0.3 Tensorflow versions prior to 2.1.2 Tensorflow versions prior to 2.2.1 Tensorflow versions prior to 2.3.1 Description: The SparseFillEmptyRowsGrad implementation has...

cascadia:fuzz: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=6491831037329408 Project: cascadia Fuzzing Engine: libFuzzer Fuzz Target: fuzz Job Type: libfuzzerasancascadia Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000260f110 Crash State: NULL Sanitizer: address ASAN Recommended Securit...

SUSE-SU-2020:2711-1 Security update for libmspack

This update for libmspack fixes the following issues: Security issues fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure bsc1141680. - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal...

fasthttp:fuzz_request: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5745696710590464 Project: fasthttp Fuzzing Engine: libFuzzer Fuzz Target: fuzzrequest Job Type: libfuzzerasanfasthttp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000555d7b8 Crash State: NULL Sanitizer: address ASAN Recommended...

influxdb:fuzzjsonweb: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5206851896213504 Project: influxdb Fuzzing Engine: libFuzzer Fuzz Target: fuzzjsonweb Job Type: libfuzzerasaninfluxdb Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000003014946 Crash State: NULL Sanitizer: address ASAN Recommended...

golang-protobuf:wirefuzz: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5713763813294080 Project: golang-protobuf Fuzzing Engine: libFuzzer Fuzz Target: wirefuzz Job Type: libfuzzerasangolang-protobuf Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000002215c2e Crash State: NULL Sanitizer: address ASAN...

kubernetes:yaml_FuzzSigYaml: Segv on unknown address with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=4894792369307648 Project: kubernetes Fuzzing Engine: libFuzzer Fuzz Target: yamlFuzzSigYaml Job Type: libfuzzerasankubernetes Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State: NULL Sanitizer: address ASAN Crash...

BELL-CVE-2020-25211 CVE-2020-25211 does not affect BellSoft software

Bulletin has no description...

golang:fuzzer-httpresp: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=6305957406310400 Project: golang Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-httpresp Job Type: libfuzzerasangolang Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x0000039204f2 Crash State: NULL Sanitizer: address ASAN Recommended...

git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak

A flaw was found in git where credentials can be leaked through the use of a crafted URL. The crafted URL must contain a newline, empty host, or lack a scheme so that the credential helper is fulled into giving the information of a different host to the client. The highest threat from this...

c-blosc2:decompress_fuzzer: Nested bug in the same thread, aborting. with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=6211547465252864 Project: c-blosc2 Fuzzing Engine: libFuzzer Fuzz Target: decompressfuzzer Job Type: libfuzzermsanc-blosc2 Platform Id: linux Crash Type: Nested bug in the same thread, aborting. Crash Address: Crash State: NULL Sanitizer: memory...

matio:matio_fuzzer: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5376215391928320 Project: matio Fuzzing Engine: libFuzzer Fuzz Target: matiofuzzer Job Type: libfuzzerubsanmatio Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x011020202010 Crash State: NULL Sanitizer: undefined UBSAN Recommended...

Mozilla: Integer overflow in nsJPEGEncoder::emptyOutputBuffer

In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 78...

DBHcms Access Control Error Vulnerability

DBHcms is a small, free and open source content management system for personal and small business websites. An access control error vulnerability exists in DBHcms 1.2.0. The vulnerability stems from an access control failure to clear cache operation at line 175 of dbhcmspage.php. An attacker can...