CVE-2021-41210

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow...

CVE-2021-41206

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

CVE-2021-41206 Incomplete validation of shapes in multiple TF ops

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

CVE-2021-41212

TensorFlow ragged.cross shape inference has a heap-based out-of-bounds read in affected releases prior to 2.7.0. The fix is in TensorFlow 2.7.0, with cherry-picks to 2.6.1, 2.5.2, and 2.4.4. Upgrade to 2.7.0+ or apply the patches to mitigate ICU/heap corruption risk. Other CVE trackers (OSV, GHSA...

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) Exploit

Exploit for windows platform in category dos / poc / Here's a snippet of JavascriptArray::BoxStackInstance. To fix issue 1420 , "deepCopy" was introduced. But it only deep-copies the array when "instance-head" is on the stack. So simply by adding a single line of code that allocates "head" to the...

Novell Groupwise multiple security vulnerabilities

Multiple memory corruptions, buffer overflows, integer overflows, heap array overflow...