CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 2022/09/16 10:8 p.m.•24 views

TensorFlow vulnerable to `CHECK` fail in `DrawBoundingBoxes`

Impact When DrawBoundingBoxes receives an input boxes that is not of dtype float, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg0=tf.constantvalue=np.random.randomsize=1, 3, 2, 3, shape=1, 3, 2, 3, dtype=tf.half...

7.5CVSS7.4AI score0.00135EPSS

Exploits0References5Affected Software3

CVE•added 2022/09/16 10:5 p.m.•82 views

CVE-2022-36026

TensorFlow vulnerability CVE-2022-36026: A non-scalar num_bits input to QuantizeAndDequantizeV3 triggers a CHECK failure, enabling denial of service. The issue is fixed in commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713 and the fix will be in TensorFlow 2.10.0; cherry-picks are planned for 2.9.1,...

7.5CVSS6.4AI score0.00135EPSS

Vulnrichment•added 2022/09/16 10:5 p.m.•5 views

CVE-2022-36026 `CHECK` fail in `QuantizeAndDequantizeV3` in TensorFlow

TensorFlow is an open source platform for machine learning. If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713...

5.9CVSS7.4AI score0.00135EPSS

CVE•added 2022/09/16 10:5 p.m.•78 views

CVE-2022-36019

CVE-2022-36019 affects TensorFlow: a CHECK failure in FakeQuantWithMinMaxVarsPerChannel when min/max tensors are not rank-1 can trigger a denial of service. Patched in commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0; fix will be in TensorFlow 2.10.0, with cherry-picks to 2.9.1, 2.8.1, and 2.7.2. ...

7.5CVSS6.4AI score0.00135EPSS

OSV•added 2022/09/16 10:5 p.m.•18 views

CVE-2022-36019 `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel` in TensorFlow

TensorFlow is an open source platform for machine learning. If FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

5.9CVSS7.7AI score0.00135EPSS

Cvelist•added 2022/09/16 10:5 p.m.•17 views

CVE-2022-36019 `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel` in TensorFlow

5.9CVSS7.7AI score0.00135EPSS

Vulnrichment•added 2022/09/16 9:45 p.m.•6 views

CVE-2022-35986 Segfault in `RaggedBincount` in TensorFlow

TensorFlow is an open source platform for machine learning. If RaggedBincount is given an empty input tensor splits, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will b...

5.9CVSS7.4AI score0.00069EPSS

OSV•added 2022/09/16 9:45 p.m.•14 views

CVE-2022-35986 Segfault in `RaggedBincount` in TensorFlow

5.9CVSS7.6AI score0.00069EPSS

CVE•added 2022/09/16 9:45 p.m.•107 views

CVE-2022-35986

TensorFlow vulnerability CVE-2022-35986 affects RaggedBincount: if an empty input tensor for splits is provided, a segfault can trigger a denial of service. The issue is fixed via GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8, with the fix slated for TensorFlow 2.10.0 and cherry-picked b...

7.5CVSS6.4AI score0.00069EPSS

Cvelist•added 2022/09/16 9:40 p.m.•20 views

CVE-2022-35987 `CHECK` fail in `DenseBincount` in TensorFlow

TensorFlow is an open source platform for machine learning. DenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack. We have...

Cvelist•added 2022/09/16 9:40 p.m.•15 views

CVE-2022-35984 `CHECK` fail in `ParameterizedTruncatedNormal` in TensorFlow

TensorFlow is an open source platform for machine learning. ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

Cvelist•added 2022/09/16 9:40 p.m.•16 views

CVE-2022-35983 `CHECK` fail in `Save` and `SaveSlices` in TensorFlow

TensorFlow is an open source platform for machine learning. If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. Th...

5.9CVSS7.7AI score0.00064EPSS

OSV•added 2022/09/16 9:35 p.m.•16 views

CVE-2022-35989 `CHECK` fail in `MaxPool` in TensorFlow

TensorFlow is an open source platform for machine learning. When MaxPool receives a window size input array ksize with dimensions greater than its input tensor input, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub comm...

5.9CVSS7.5AI score0.00064EPSS

Cvelist•added 2022/09/16 9:30 p.m.•15 views

CVE-2022-35982 Segfault in `SparseBincount` in TensorFlow

TensorFlow is an open source platform for machine learning. If SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE•added 2022/09/16 9:30 p.m.•64 views

CVE-2022-35982

TensorFlow CVE-2022-35982 describes a segfault in SparseBincount when inputs do not form a valid sparse tensor, potentially enabling a denial of service. A patch was applied in commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa, with the fix scheduled for TensorFlow 2.10.0 and cherry-picked for Tens...

7.5CVSS6.4AI score0.00064EPSS

OSV•added 2022/09/16 9:30 p.m.•28 views

CVE-2022-35982 Segfault in `SparseBincount` in TensorFlow