
591 matches found

OSV
added 2021/08/12 11:15 p.m., 18 views

PYSEC-2021-585

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2. The implementation does not check that the length of...

CVSS: 5.5, AI score: 2.2, EPSS: 0.00016
Exploits: 0, References: 2

OSV
added 2021/08/12 11:15 p.m., 26 views

PYSEC-2021-604

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...

CVSS: 5.5, AI score: 3.5, EPSS: 0.00012
Exploits: 0, References: 2

Prion
added 2021/08/12 11:15 p.m., 9 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...

CVSS: 2.1, AI score: 5.5, EPSS: 0.00012
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2021/08/12 11:15 p.m., 16 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

CVSS: 2.1, AI score: 5.5, EPSS: 0.00012
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2021/08/12 11:15 p.m., 17 views

Buffer overflow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafe_load which can perform arbitrary code execution...

CVSS: 4.6, AI score: 8.9, EPSS: 0.01023
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2021/08/12 11:15 p.m., 15 views

PYSEC-2021-605

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc is called during garbage collection within a finalizer function. However, tensor...

CVSS: 5.5, AI score: 2.9, EPSS: 0.00032
Exploits: 0, References: 3

Prion
added 2021/08/12 11:15 p.m., 17 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.map_fn within another tf.map_fn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

CVSS: 4.6, AI score: 7.6, EPSS: 0.00032
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/08/12 11:05 p.m., 25 views

CVE-2021-37678 Arbitrary code execution due to YAML deserialization

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafe_load which can perform arbitrary code execution...

CVSS: 9.3, AI score: 9.5, EPSS: 0.01023
Exploits: 1, References: 2

Cvelist
added 2021/08/12 11:00 p.m., 19 views

CVE-2021-37692 Segfault on strings tensors with mismatched dimensions in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc is called during garbage collection within a finalizer function. However, tensor...

CVSS: 5.5, AI score: 6.1, EPSS: 0.00032
Exploits: 0, References: 3

CVE
added 2021/08/12 11:00 p.m., 91 views

CVE-2021-37692

CVE-2021-37692 affects TensorFlow and centers on a segfault in string tensor deallocation during garbage collection when the encoding of a string tensor fails (e.g., mismatched dimensions). The root cause is an assumption that encoding succeeded, leading to use of the finalizer of the tensor with...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00032
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2021/08/12 10:55 p.m., 17 views

CVE-2021-37669 Crash in NMS ops caused by integer conversion to unsigned in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.NonMaxSuppressionV5 by triggering a division by 0. The implementation uses a user controlled argument to resize a...

CVSS: 5.5, AI score: 6, EPSS: 0.00032
Exploits: 0, References: 3

Cvelist
added 2021/08/12 10:45 p.m., 15 views

CVE-2021-37663 Incomplete validation in `QuantizeV2` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.raw_ops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...

CVSS: 7.8, AI score: 8.1, EPSS: 0.00013
Exploits: 0, References: 2

Cvelist
added 2021/08/12 10:40 p.m., 20 views

CVE-2021-37674 Incomplete validation in `MaxPoolGrad` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the orig_input and orig_output tensor...

CVSS: 5.5, AI score: 6.6, EPSS: 0.00032
Exploits: 0, References: 3

CVE
added 2021/08/12 10:30 p.m., 77 views

CVE-2021-37683

TensorFlow (TFLite division) vulnerability (CVE-2021-37683): In affected builds, division in TFLite can produce a division-by-zero error because there is no check that the divisor tensor contains zero. The issue was addressed in commit 1e206baedf8bef0334cca3eb92bab134ef525a28 and the fix is plann...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00012
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/08/12 10:30 p.m., 11 views

CVE-2021-37684 Division by zero in TensorFlow Lite pooling operations

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit...

CVSS: 5.5, AI score: 6.1, EPSS: 0.00008
Exploits: 0, References: 1

CVE
added 2021/08/12 10:30 p.m., 92 views

CVE-2021-37684

The CVE-2021-37684 issue affects TensorFlow/TFLite pooling implementations and is caused by division by zero due to missing checks for divisors. A patch was committed (dfa22b348b70bb89d6d6ec0ff53973bacb4f4695) and the fix is planned for TensorFlow 2.6.0, with cherry-picks to 2.5.1, 2.4.3, and 2.3...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00008
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/08/12 10:30 p.m., 15 views

CVE-2021-37668 Division by zero in TensorFlow Lite `tf.raw_ops.UnravelIndex`

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...

CVSS: 5.5, AI score: 6, EPSS: 0.00044
Exploits: 0, References: 2

Cvelist
added 2021/08/12 10:25 p.m., 12 views

CVE-2021-37691 Division by zero in LSH in TensorFlow Lite

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...

CVSS: 5.5, AI score: 6.1, EPSS: 0.00012
Exploits: 0, References: 2

CVE
added 2021/08/12 10:20 p.m., 97 views

CVE-2021-37679

TensorFlow CVE-2021-37679 concerns a vulnerability in nested tf.map_fn with RaggedTensor inputs. The root cause is in the conversion from a Variant tensor to a RaggedTensor: the implementation does not verify that all inner shapes match, which can produce extra dimensions and allow leakage of hea...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00032
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/08/12 10:20 p.m., 14 views

CVE-2021-37672 Heap OOB in `SdcaOptimizerV2` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2. The implementation does not check that the length of...

CVSS: 5.5, AI score: 6.1, EPSS: 0.00016
Exploits: 0, References: 2