8 matches found
PYSEC-2026-969 TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad`
Impact The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. python import tensorflow as tf overlapping = True originputtensorshape =...
BIT-TENSORFLOW-2023-25801 TensorFlow has double free in Fractional(Max/Avg)Pool
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supporte...
Google TensorFlow 资源管理错误漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A resource management error vulnerability exists in Google TensorFlow version 2.12 prior to version 2.12.0 and version 2.11 prior to version 2.11.1, which stems from the...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from an implementation of FractionalAvgPoolGrad that does not fully validate the input...
GHSA-VJG4-V33C-GGC4 Out of bounds read in Tensorflow
Impact The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap: python import tensorflow as tf @tf.function def test: y = tf.rawops.FractionalAvgPoolGrad originputtensorshape=2,2,2,2,...
PYSEC-2022-54
Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
CVE-2022-21730
Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
CVE-2021-37651
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...