61 matches found
EUVD-2021-0427
Malware in sbrugna...
EUVD-2022-0329
Malicious code in bioql PyPI...
EUVD-2022-0327
Malicious code in bioql PyPI...
EUVD-2022-0336
Malicious code in bioql PyPI...
CVE-2022-23588
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...
CVE-2022-23579
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
BIT-TENSORFLOW-2021-41204 Segfault while copying constant resource tensor
TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in...
BIT-TENSORFLOW-2021-41225 A use of uninitialized value vulnerability in Tensorflow
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of uninitialized variable. If the train_nodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeue_node is left uninitialized. The...
BIT-TENSORFLOW-2022-23579 `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
BIT-TENSORFLOW-2022-23581 `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
BIT-TENSORFLOW-2022-23588 `CHECK`-fails due to attempting to build a reference tensor in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...
SUSE CVE-2021-41225
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of uninitialized variable. If the train_nodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeue_node is left uninitialized. The...
`CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow
Impact: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. Patches: We have patched the issue in GitHub commit 92dba16749fae36c246bec3f9ba474d9ddeb7662. The fix will be included in...
GHSA-5F2R-QP73-37MR `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow
Impact: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. Patches: We have patched the issue in GitHub commit 92dba16749fae36c246bec3f9ba474d9ddeb7662. The fix will be included in...
GHSA-FX5C-H9F6-RV7C `CHECK`-fails due to attempting to build a reference tensor
Impact: A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as reference types are not allowed. Patches: We have patch...
Denial Of Service (DoS)
Tensorflow is vulnerable to denial of service. An attacker may exploit the vulnerability by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype...
Denial Of Service (DoS)
Tensorflow is vulnerable to denial of service. An attacker may exploit the vulnerability by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype...
Denial Of Service (DoS)
Tensorflow is vulnerable to denial of service. An attacker is able to crash the system by altering a SavedModel in Grappler optimizer such that IsSimplifiableReshape would trigger CHECK failures...
`CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow
Impact: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. Patches: We have patched the issue in GitHub commits ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1,...
CVE-2022-23588
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...