591 matches found
Null pointer dereference
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...
PYSEC-2021-551
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...
Null pointer dereference
TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...
CVE-2021-37637 Null pointer dereference in `CompressElement` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...
CVE-2021-37637
CVE-2021-37637 is a TensorFlow null pointer dereference in tf.raw_ops.CompressElement triggered by invalid input. The issue occurred when code accessed a buffer size before validating the buffer, and has been patched in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5. The fix will be in Te...
CVE-2021-37653
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...
CVE-2021-37660
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing i...
CVE-2021-37636
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...
PYSEC-2021-555
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...
PYSEC-2021-573
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing i...
PYSEC-2021-566
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...
CVE-2021-37660 Division by 0 in inplace operations in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing i...
CVE-2021-37660
CVE-2021-37660 describes a division-by-zero flaw in TensorFlow’s inplace operations due to a logic error in inplace_ops.cc. The faulty condition uses || instead of &&, allowing a floating-point exception when crafted inputs are provided. The issue has been patched in the GitHub commit e86605c0a33...
CVE-2021-37653 Division by 0 in `ResourceGather` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...
CVE-2021-37636
CVE-2021-37636 concerns TensorFlow with a vulnerability in tf.raw_ops.SparseDenseCwiseDiv where division by zero can occur due to how a shared binary-ops class handles this case. The issue affects affected TensorFlow versions and has been addressed by patching the underlying code in a GitHub comm...
Design/Logic Flaw
An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c...
CVE-2021-22549 Arbitrary enclave memory overwrite vulnerability in Asylo TrustedPrimitives::UntrustedCall
An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c...
Segfault in `tf.raw_ops.SparseCountSparseOutput`
Impact Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. Patches We have patched the issue in GitHub commit 82e6203221865de4008445b13c69b6826d2b28d9. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on...
Null dereference in Grappler's `TrySimplify`
Impact The implementation of TrySimplify has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs. Patches We have patched the issue in GitHub commit e6340f0665d53716ef3197ada88936c2a5f7a2d3. The fix will be included in TensorFlow...
Stack overflow in `ParseAttrValue` with nested tensors
Impact The implementation of ParseAttrValue can be tricked into stack overflow due to recursion by giving in a specially crafted input. Patches We have patched the issue in GitHub commit e07e1c3d26492c06f078c7e5bf2d138043e199c1. The fix will be included in TensorFlow 2.5.0. We will also cherrypic...